Vulnerability Summary

CVE: CVE-2015-7854
Vulnerability: password length memory corruption
Component: ntp
Versions Affected: ntp 4.2.8p4
Status: CLOSED NOTABUG

Key Information

Potential Issue Description: A potential buffer overflow vulnerability exists in the password management functionality of ntp. A specially crafted key file could cause a buffer overflow potentially resulting in memory being modified. An attacker could provide a malicious password to trigger this vulnerability.
Reference: TALOS-2015-0065

Impact on Red Hat

Statement: This issue did not affect the versions of ntp as shipped with Red Hat Enterprise Linux 5, 6, and 7.

Remediation

Fix Provided: In version 4.2.8, the key size is written in dynamically allocated memory. The relevant code handles the size allocation and is not vulnerable to the reported buffer overflow.
Upstream Patch: Available at ntp-project/ntp commit
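
The pattern described under "Fix Provided", sizing the key buffer from the parsed length instead of copying into a fixed array, is sketched below as an added example; it is not ntp's code or the upstream patch. The `<id> <type> <secret>` line layout, the `auth_key` struct, the `MAX_SECRET_LEN` cap and the 1-65535 id range are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SECRET_LEN 256          /* assumed policy cap, not an ntp constant */

struct auth_key {                   /* hypothetical record for one key-file line */
    unsigned long  id;
    char           type[16];
    unsigned char *secret;          /* heap buffer sized from the parsed token */
    size_t         secret_len;
};

/* Skip blanks and report the length of the next whitespace-delimited token. */
static const char *next_token(const char *p, size_t *len) {
    p += strspn(p, " \t");
    *len = strcspn(p, " \t\r\n");
    return p;
}

/* Parse "<id> <type> <secret>". Returns 0 on success, -1 if the line is rejected. */
int parse_key_line(const char *line, struct auth_key *out) {
    size_t n;
    char *end;
    memset(out, 0, sizeof(*out));
    const char *tok = next_token(line, &n);
    if (n == 0) return -1;
    out->id = strtoul(tok, &end, 10);
    if (end != tok + n || out->id == 0 || out->id > 65535) return -1;
    tok = next_token(tok + n, &n);
    if (n == 0 || n >= sizeof(out->type)) return -1;  /* length checked before copy */
    memcpy(out->type, tok, n);                        /* struct was zeroed: stays NUL-terminated */
    tok = next_token(tok + n, &n);
    if (n == 0 || n > MAX_SECRET_LEN) return -1;      /* over-long secret is refused */
    out->secret = malloc(n);                          /* allocation follows the real length */
    if (!out->secret) return -1;
    memcpy(out->secret, tok, n);
    out->secret_len = n;
    return 0;
}

int main(void) {
    struct auth_key k;
    /* Constructed sample line, not taken from a real key file. */
    if (parse_key_line("10 MD5 s3cret", &k) == 0) {
        printf("key %lu type %s len %zu\n", k.id, k.type, k.secret_len);
        free(k.secret);
    }
    return 0;
}
```

Every copy is preceded by a check on the token length, so a crafted line with an over-long type or secret is rejected before any memory is written.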