CVE-2009-0159

Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.

Published: Apr 14, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-0159
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
ntp / ntp	4.2.2	4.2.2.x
ntp / ntp	4.2.0	4.2.0.x
ntp / ntp	4.2.4p5	4.2.4p5.x
ntp / ntp	4.2.4p4	4.2.4p4.x
ntp / ntp	4.0.98	4.0.98.x
ntp / ntp	4.0.72	4.0.72.x
ntp / ntp	4.2.4p2	4.2.4p2.x
ntp / ntp	4.0.90	4.0.90.x
ntp / ntp	4.0.96	4.0.96.x
ntp / ntp	4.0.93	4.0.93.x
ntp / ntp	-	4.2.4p7.x
ntp / ntp	4.1.0	4.1.0.x
ntp / ntp	4.2.4p1	4.2.4p1.x
ntp / ntp	4.1.2	4.1.2.x
ntp / ntp	4.0.99	4.0.99.x
ntp / ntp	4.0.95	4.0.95.x
ntp / ntp	4.2.2p3	4.2.2p3.x
ntp / ntp	4.2.2p2	4.2.2p2.x
ntp / ntp	4.0.92	4.0.92.x
ntp / ntp	4.0.73	4.0.73.x
ntp / ntp	4.2.4p3	4.2.4p3.x
ntp / ntp	4.0.97	4.0.97.x
ntp / ntp	4.2.4	4.2.4.x
ntp / ntp	4.2.2p4	4.2.2p4.x
ntp / ntp	4.0.91	4.0.91.x
ntp / ntp	4.2.2p1	4.2.2p1.x
ntp / ntp	4.2.4p0	4.2.4p0.x
ntp / ntp	4.0.94	4.0.94.x
ntp / ntp	4.2.4p6	4.2.4p6.x

Vulnerability Database

289,599

CVE-2009-0159