CVE-2020-15025

Reference Links

• https://exchange.xforce.ibmcloud.com/vulnerabilities/184004
• https://www.ibm.com/support/pages/node/6335281 (Advisory)
• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html
• https://bugs.gentoo.org/729458
• https://security.gentoo.org/glsa/202007-12
• https://security.netapp.com/advisory/ntap-20200702-0002/
• https://support.ntp.org/bin/view/Main/NtpBug3661
• https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
• https://www.oracle.com/security-alerts/cpujan2021.html

Parent vulnerabilities

(Appears in the following advisories)

• IBM-6335281

Frequently Asked Questions

• What is CVE-2020-15025?

  CVE-2020-15025 is a vulnerability in ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 that allows remote attackers to cause a denial of service by consuming all available memory resources.

• How severe is CVE-2020-15025?

  CVE-2020-15025 has a severity rating of 4.9 (Medium).

• Which software is affected by CVE-2020-15025?

  The software affected by CVE-2020-15025 includes IBM Data Risk Manager (version up to 2.0.6) and NTP (versions 4.2.8-p11 to 4.2.8-p15 and 4.3.97 to 4.3.101).

• How can I fix CVE-2020-15025?

  To fix CVE-2020-15025, apply the necessary patches provided by the vendor or update to a fixed version of the software.

• Where can I find more information about CVE-2020-15025?

  You can find more information about CVE-2020-15025 at the following references: [IBM X-Force](https://exchange.xforce.ibmcloud.com/vulnerabilities/184004), [IBM Support](https://www.ibm.com/support/pages/node/6335281), [openSUSE Security Announce](http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html).