NTP BUG 3661: Memory leak with CMAC keys

Last update: April 22, 2024 18:49 UTC (7e7bd5857)

---

Summary

Resolved	4.2.8p15 Development (4.3.101)	23 Jun 2020
References	Bug 3661	CVE-2020-15025
Affects	ntp-4.2.8p11 up to, but not including ntp-4.2.8p15 4.3.97 up to, but not including 4.3.101	Resolved in 4.2.8p15 and 4.3.101
CVSS2 Score	6.3	AV:N/AC:M/Au:S/C:N/I:N/A:C
CVSS3.1 Score	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

---

Description

Systems that use a CMAC algorithm in ntp.keys will not release a bit of memory on each packet that uses a CMAC keyid, eventually causing ntpd to run out of memory and fail. The CMAC cleanup, part of ntp-4.2.8p11, introduced a bug whereby the CMAC data structure was no longer completely removed.

---

Mitigation

• If you are using ntp-4.2.8p11 through ntp-4.2.8p14 or ntp-4.3.97 through ntp-4.3.100, either don’t use CMAC keys, or make sure you have a way to restart ntpd if/when it crashes.
• Upgrade to 4.2.8p15 or later.

---

Credit

Reported by Martin Burnicki of Meinberg.

---

Timeline

• 2020 Jun 23: Public release
• 2020 Apr 12: Early Access Program Release: Premier and Partner Institutional Members
• 2020 Apr 07: Advance Notification to Institutional Members
• 2020 Apr 01: Notification from reporter