ID CVE-2019-8936
Summary NTP through 4.2.8p12 has a NULL Pointer Dereference.
References
Vulnerable Configurations
  • cpe:2.3:a:netapp:data_ontap_operating_in_7-mode
    cpe:2.3:a:netapp:data_ontap_operating_in_7-mode
  • FreeBSD 11.2 -
    cpe:2.3:o:freebsd:freebsd:11.2
  • FreeBSD 11.2 Patch 2
    cpe:2.3:o:freebsd:freebsd:11.2:p2
  • FreeBSD 11.2 Patch 3
    cpe:2.3:o:freebsd:freebsd:11.2:p3
  • FreeBSD 11.2 Patch 4
    cpe:2.3:o:freebsd:freebsd:11.2:p4
  • FreeBSD 11.2 Patch 5
    cpe:2.3:o:freebsd:freebsd:11.2:p5
  • FreeBSD 11.2 Patch 6
    cpe:2.3:o:freebsd:freebsd:11.2:p6
  • FreeBSD 11.2 Patch 7
    cpe:2.3:o:freebsd:freebsd:11.2:p7
  • FreeBSD 11.2 Patch 9
    cpe:2.3:o:freebsd:freebsd:11.2:p9
  • FreeBSD 12.0 -
    cpe:2.3:o:freebsd:freebsd:12.0
  • FreeBSD 12.0 Patch 1
    cpe:2.3:o:freebsd:freebsd:12.0:p1
  • FreeBSD 12.0 Patch 3
    cpe:2.3:o:freebsd:freebsd:12.0:p3
  • Fedora 28
    cpe:2.3:o:fedoraproject:fedora:28
  • Fedora 29
    cpe:2.3:o:fedoraproject:fedora:29
  • cpe:2.3:o:fedoraproject:fedora:30
    cpe:2.3:o:fedoraproject:fedora:30
  • openSUSE Leap 15.0
    cpe:2.3:o:opensuse:leap:15.0
  • openSUSE Leap 42.3
    cpe:2.3:o:opensuse:leap:42.3
  • NTP NTP 4.2.8
    cpe:2.3:a:ntp:ntp:4.2.8
  • NTP 4.2.8 Patch 1
    cpe:2.3:a:ntp:ntp:4.2.8:p1
  • cpe:2.3:a:ntp:ntp:4.2.8:p10
    cpe:2.3:a:ntp:ntp:4.2.8:p10
  • cpe:2.3:a:ntp:ntp:4.2.8:p11
    cpe:2.3:a:ntp:ntp:4.2.8:p11
  • cpe:2.3:a:ntp:ntp:4.2.8:p12
    cpe:2.3:a:ntp:ntp:4.2.8:p12
  • NTP 4.2.8 Patch 1 Beta 1
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta1
  • NTP 4.2.8 Patch 1 Beta 2
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta2
  • NTP 4.2.8 Patch 1 Beta 3
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta3
  • NTP 4.2.8 Patch 1 Beta 4
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta4
  • NTP 4.2.8 Patch 1 Beta5
    cpe:2.3:a:ntp:ntp:4.2.8:p1_beta5
  • NTP 4.2.8 Patch 1 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.8:p1_rc1
  • NTP 4.2.8 Patch 1 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.8:p1_rc2
  • NTP 4.2.8 Patch 2
    cpe:2.3:a:ntp:ntp:4.2.8:p2
  • NTP 4.2.8 Patch 2 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.8:p2_rc1
  • NTP 4.2.8 Patch 2 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.8:p2_rc2
  • NTP 4.2.8 Patch 2 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.8:p2_rc3
  • NTP 4.2.8 Patch 3
    cpe:2.3:a:ntp:ntp:4.2.8:p3
  • NTP 4.2.8 Patch 3 Release Candidate 1
    cpe:2.3:a:ntp:ntp:4.2.8:p3_rc1
  • NTP 4.2.8 Patch 3 Release Candidate 2
    cpe:2.3:a:ntp:ntp:4.2.8:p3_rc2
  • NTP 4.2.8 Patch 3 Release Candidate 3
    cpe:2.3:a:ntp:ntp:4.2.8:p3_rc3
  • NTP 4.2.8 Patch 4
    cpe:2.3:a:ntp:ntp:4.2.8:p4
  • NTP 4.2.8 Patch 5
    cpe:2.3:a:ntp:ntp:4.2.8:p5
  • NTP 4.2.8 Patch 6
    cpe:2.3:a:ntp:ntp:4.2.8:p6
  • NTP 4.2.8 Patch 7
    cpe:2.3:a:ntp:ntp:4.2.8:p7
  • NTP 4.2.8 Patch 9
    cpe:2.3:a:ntp:ntp:4.2.8:p9
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-476
CAPEC
refmap via4
bugtraq 20190515 FreeBSD Security Advisory FreeBSD-SA-19:04.ntp
confirm
fedora
  • FEDORA-2019-694e3aa4e8
  • FEDORA-2019-b0c7f0d94a
  • FEDORA-2019-f781d5c4c6
freebsd FreeBSD-SA-19:04
gentoo GLSA-201903-15
misc
suse
  • openSUSE-SU-2019:1143
  • openSUSE-SU-2019:1158
Last major update 15-05-2019 - 13:29
Published 15-05-2019 - 12:29
Last modified 20-05-2019 - 15:57
Back to Top