What is CVE-2009-1252?

CVE-2009-1252 is a vulnerability in N/a. Published 2009-05-19.

Is CVE-2009-1252 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2009-1252

Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet c…

EPSS: 0.702 (98.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

USN-777-1 (x_refsource_UBUNTU, vendor-advisory)
35137 (x_refsource_SECUNIA, third-party-advisory)
35166 (x_refsource_SECUNIA, third-party-advisory)
37470 (x_refsource_SECUNIA, third-party-advisory)
35388 (x_refsource_SECUNIA, third-party-advisory)
35243 (x_refsource_SECUNIA, third-party-advisory)
37471 (x_refsource_SECUNIA, third-party-advisory)
DSA-1801 (vendor-advisory, x_refsource_DEBIAN)
FEDORA-2009-5275 (x_refsource_FEDORA, vendor-advisory)
35308 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2009-1252?: CVE-2009-1252 is a vulnerability in N/a. Published 2009-05-19.
Is CVE-2009-1252 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.