Description
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before
4.3.92 allows remote attackers to cause an out-of-bounds reference via an
addpeer request with a large hmode value.
Package
Upstream: | released
(1:4.2.8p7+dfsg-1)
|
Ubuntu 16.04 ESM: | released
(1:4.2.8p4+dfsg-3ubuntu5.3)
|
Ubuntu 14.04 ESM: | released
(1:4.2.6.p5+dfsg-3ubuntu2.14.04.10)
|
Ubuntu 20.04 FIPS Compliant: | not-affected
(1:4.2.8p4+dfsg-3ubuntu6)
|
Patches:
Updated: 2022-04-13 12:14:26 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)