What is CVE-2014-9295?

CVE-2014-9295 is a vulnerability in Ntp, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-12-20.

Is CVE-2014-9295 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Ntp

CVE-2014-9295

Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_p…

Vulnerability class: Buffer Overflow

EPSS: 0.573 (98.2th percentile) — read the EPSS interpretation.

Affected products

Ntp
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products (x_refsource_CISCO, vendor-advisory)
71761 (vdb-entry, x_refsource_BID)
HPSBGN03277 (x_refsource_HP, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
VU#852879 (x_refsource_CERT-VN, US Government Resource, Third Party Advisory, third-party-advisory)
HPSBUX03240 (x_refsource_HP, vendor-advisory)
RHSA-2014:2025 (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2014-9295?: CVE-2014-9295 is a vulnerability in Ntp, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-12-20.
Is CVE-2014-9295 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.