VDB
GCVE-110-MAGEIA-2015-413
GCVE-110-MAGEIA-2015-413
Advisory Published
It was found that ntpd did not correctly implement the threshold
limitation for the '-g' option, which is used to set the time without any
restrictions.
A man-in-the-middle attacker able to intercept NTP traffic between a
connecting client and an NTP server could use this flaw to force that
client to make multiple steps larger than the panic threshold, effectively
changing the time to an arbitrary value at any time (CVE-2015-5300).
Slow memory leak in CRYPTO_ASSOC with autokey (CVE-2015-7701).
Incomplete autokey data packet length checks could result in crash caused
by a crafted packet (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702).
Clients that receive a KoD should validate the origin timestamp field
(CVE-2015-7704).
ntpq atoascii() Memory Corruption Vulnerability could result in ntpd crash
caused by a crafted packet (CVE-2015-7852).
Symmetric association authentication bypass via crypto-NAK
(CVE-2015-7871).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | ntp | 0 (affected), * (unaffected) | — |
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.