PatchSiren

NTP CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM NTP CVE published 2017-01-13

CVE-2016-9311

CVE-2016-9311 describes a denial-of-service issue in ntpd that can trigger a NULL pointer dereference and crash when the trap service is enabled. NVD rates it Medium severity (CVSS 5.9), and the vendor references point to a fix in NTP 4.2.8p9 and related advisories.

MEDIUM NTP CVE published 2017-01-13

CVE-2016-9310

CVE-2016-9310 affects ntpd control mode (mode 6) handling in NTP before 4.2.8p9. According to the CVE description, a remote attacker could send a crafted control mode packet to set or unset traps. The supplied NVD data rates the issue CVSS 3.0 6.5 (MEDIUM); exploitation requires network access but no privileges or user interaction.

HIGH NTP CVE published 2017-01-13

CVE-2016-7434

CVE-2016-7434 is a remotely reachable availability flaw in NTP. A crafted mrulist query can trigger a crash in read_mru_list, allowing an attacker to cause denial of service in affected deployments. The issue was publicly disclosed on 2017-01-13, and the vendor references point to fixes in NTP 4.2.8p9 and later.

MEDIUM NTP CVE published 2017-01-13

CVE-2016-7433

CVE-2016-7433 affects NTP versions before 4.2.8p9. The issue is described as an error in the initial synchronization calculations, specifically a root distance calculation that did not include peer dispersion. NVD rates the impact as medium severity with a low availability effect and no confidentiality or integrity impact in the published CVSS vector. The safest response is to upgrade to a fixed NTP relea [truncated]

MEDIUM NTP CVE published 2017-01-13

CVE-2016-7431

CVE-2016-7431 is a medium-severity NTP flaw affecting versions before 4.2.8p9. According to the NVD record, a remote attacker could bypass the origin timestamp protection mechanism by using an origin timestamp of zero. The record also notes that this issue is a regression related to CVE-2015-8138. The practical security impact is limited to integrity, but it is reachable over the network without pr [truncated]

LOW NTP CVE published 2017-01-13

CVE-2016-7429

CVE-2016-7429 is a low-severity NTP vulnerability that can disrupt communication with a time source. According to the CVE record, versions before 4.2.8p9 may change peer state based on the interface that receives a response, which can allow a remote attacker to interfere with synchronization by sending a response to the wrong interface.

MEDIUM NTP CVE published 2017-01-13

CVE-2016-7428

CVE-2016-7428 is a denial-of-service issue in ntpd affecting NTP versions before 4.2.8p9. The flaw can cause broadcast mode packets to be rejected when the poll interval field is involved, so systems that rely on NTP broadcast synchronization should prioritize the fixed release.

MEDIUM NTP CVE published 2017-01-13

CVE-2016-7427

CVE-2016-7427 is a medium-severity availability issue in ntpd's broadcast mode replay-prevention logic. According to the NVD description, remote attackers can use a crafted broadcast mode packet to cause a denial of service by making the daemon reject broadcast mode packets. The vulnerable versions identified in the source corpus are NTP 4.2.8p6, 4.2.8p7, and 4.2.8p8, with 4.2.8p9 referenced in the ve [truncated]

HIGH NTP CVE published 2017-01-13

CVE-2016-7426

CVE-2016-7426 is a denial-of-service issue in NTP versions before 4.2.8p9. When rate limiting for all associations is enabled, an attacker can send responses with a spoofed source address in a way that causes NTP to rate limit replies from configured sources, potentially preventing those sources from responding. The practical impact is loss of time synchronization service, which can disrupt systems that d [truncated]