VDB
GCVE-110-MAGEIA-2016-277
GCVE-110-MAGEIA-2016-277
Advisory Published
The busybox NTP implementation doesn't check the NTP mode of packets
received on the server port and responds to any packet with the right
size. This includes responses from another NTP server. An attacker can
send a packet with a spoofed source address in order to create an infinite
loop of responses between two busybox NTP servers. Adding more packets to
the loop increases the traffic between the servers until one of them has a
fully loaded CPU and/or network (CVE-2016-6301).
The affected code originated from openntpd, which had fixed it upstream,
but the fix had not made it into Mageia's openntpd package. It has also
been patched with the fix in this update.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | busybox | 1.22.1-5.3.mga5 (unaffected), 0 (affected) | — |
| Mageia | openntpd | 0 (affected), 3.9p1-11.1.mga5 (unaffected) | — |
Aliases
Browse GCVE Records
73,196 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.