CVE-2014-9295
EPSS 57.3%
Description
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
How to fix CVE-2014-9295
To remediate CVE-2014-9295, upgrade the affected package to a fixed version listed below.
- Debian/ntp: upgrade to 1:4.2.6.p5+dfsg-3.2 or later
Is CVE-2014-9295 being exploited?
Likely — EPSS is 57.3%, placing CVE-2014-9295 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- Debian/ntp: from 0, < 1:4.2.6.p5+dfsg-3.2