Is the NET+OS development environment vulnerable to CVE-2014-9295?

Problem: According to,
"Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl-putdata function, and (3) the configure function."

Analysis: The NTP(SNTP) implementation in the NET+OS development environment, does not use SSL encryption in the sending and receiving of packets. Thus the NET+OS development is not vulnerable to CVE-2914-9295.

Customer actions: No customer actions are required.


"Vulnerability Summary for CVE-2014-9295". NIST. National Vulnerability Database.
Last updated: Jun 21, 2019

Recently Viewed

No recently viewed articles

Did you find this article helpful?