{"id":"CVE-2016-7426","details":"NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.","modified":"2026-04-16T06:20:55.942229515Z","published":"2017-01-13T16:59:00.323Z","related":["SUSE-SU-2016:3193-1","SUSE-SU-2016:3195-1","SUSE-SU-2016:3196-1","SUSE-SU-2017:0255-1","openSUSE-SU-2024:10181-1"],"references":[{"type":"ADVISORY","url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3707-2/"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0252.html"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1037354"},{"type":"ADVISORY","url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us"},{"type":"ADVISORY","url":"https://www.kb.cert.org/vuls/id/633847"},{"type":"ADVISORY","url":"http://nwtime.org/ntp428p9_release/"},{"type":"ADVISORY","url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94451"},{"type":"ADVISORY","url":"https://bto.bluecoat.com/security-advisory/sa139"},{"type":"REPORT","url":"http://support.ntp.org/bin/view/Main/NtpBug3071"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"4.2.6"},{"fixed":"4.2.8"}]},{"events":[{"introduced":"4.3.0"},{"fixed":"4.3.94"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p203"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p204"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p205"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p206"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p207"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p208"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p209"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p210"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p211"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p212"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p213"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p214"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p215"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p216"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p217"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p218"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p219"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p220"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p221"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p222"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p223"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p224"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p225"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p226"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p227"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p228"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p229"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p230"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p231_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p232_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p233_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p234_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p235_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p236_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p237_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p238_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p239_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p240_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p241_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p242_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p243_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p244_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p245_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p246_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p247_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p248_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p249_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.5-p250_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p1\\-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p1\\-beta2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p1\\-beta3"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p1\\-beta4"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p1\\-beta5"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p1\\-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p1\\-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p2\\-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p2\\-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p2\\-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p3"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p3\\-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p3\\-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p3\\-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p4"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p5"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p6"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p7"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p8"}]},{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"b.11.31"},{"fixed":"c.4.2.8.2.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7426.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}