CVE-2009-1252

EPSS 70.2%

Published: 5/19/2009Modified: 4/28/2026

Also known as:DEBIAN-CVE-2009-1252

Description

Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.

Affected packages (1)

Debian/ntpfrom 0, < 1:4.2.4p6+dfsg-2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-1252