CVE-2015-7976

MEDIUM4.3EPSS 3.2%

Published: 1/30/2017Modified: 4/28/2026

Also known as:DEBIAN-CVE-2015-7976

Description

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

Affected packages (1)

Debian/ntpfrom 0, < 1:4.2.8p7+dfsg-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-7976