Candidate: CVE-2016-6301
PublicDate: 2016-12-09 20:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6301
Description:
 The recv_and_process_client_pkt function in networking/ntpd.c in busybox
 allows remote attackers to cause a denial of service (CPU and bandwidth
 consumption) via a forged NTP packet, which triggers a communication loop.
Ubuntu-Description:
Notes:
 sbeattie> ntp server not built in ubuntu/debian busybox packages.
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833442
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_busybox:
 upstream: https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71
upstream_busybox: needs-triage
precise_busybox: not-affected (code not built)
trusty_busybox: not-affected (code not built)
trusty/esm_busybox: not-affected (code not built)
vivid/stable-phone-overlay_busybox: not-affected (code not built)
vivid/ubuntu-core_busybox: not-affected (code not built)
xenial_busybox: not-affected (code not built)
esm-infra/xenial_busybox: not-affected (code not built)
devel_busybox: not-affected (code not built)