CVE-2009-1252

Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.

Published: 2009-05-19 Last update: 2026-04-23 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2009-1252 is rated Moderate Risk (63.6/100): CVSS Medium severity, with high exploitation likelihood (EPSS 70.25%, 99th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +1.85% over the last day, indicating growing attacker interest. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2009-1252

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-03-16 68.40% 70.25% +1.85%
2 2026-02-05 50.24% 68.40% +18.15%
3 2026-02-01 50.24%

Full EPSS history (17 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2009-1252

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
6.8 2.0 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
 8.6 6.4 [email protected]

Weakness enumeration for CVE-2009-1252

OS Trackers for CVE-2009-1252

vendor priority summary link
debian high CVE-2009-1252 high priority: Debian including 1 source packages (ntp), 1 status rows across 1 suites (bullseye): resolved 1. https://security-tracker.debian.org/tracker/CVE-2009-1252
gentoo high CVE-2009-1252: 1 GLSA(s) (200905-08), 1 atom(s) (net-misc/ntp); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2009-1252
redhat high https://access.redhat.com/security/cve/CVE-2009-1252
ubuntu medium CVE-2009-1252 medium priority: Ubuntu including 1 source packages (ntp), 5 status rows across 5 suites (dapper, hardy, intrepid, jaunty, upstream): released 4, pending 1. https://ubuntu.com/security/CVE-2009-1252

Affected software / configurations for CVE-2009-1252

Vendor Product Version Raw CPE
ntp ntp 4.2.4p0 cpe:2.3:a:ntp:ntp:4.2.4p0:*:*:*:*:*:*:*
ntp ntp 4.2.4p1 cpe:2.3:a:ntp:ntp:4.2.4p1:*:*:*:*:*:*:*
ntp ntp 4.2.4p2 cpe:2.3:a:ntp:ntp:4.2.4p2:*:*:*:*:*:*:*
ntp ntp 4.2.4p3 cpe:2.3:a:ntp:ntp:4.2.4p3:*:*:*:*:*:*:*
ntp ntp 4.2.4p4 cpe:2.3:a:ntp:ntp:4.2.4p4:*:*:*:*:*:*:*
ntp ntp 4.2.4p5 cpe:2.3:a:ntp:ntp:4.2.4p5:*:*:*:*:*:*:*
ntp ntp 4.2.4p6 cpe:2.3:a:ntp:ntp:4.2.4p6:*:*:*:*:*:*:*
ntp ntp 4.2.5p0 cpe:2.3:a:ntp:ntp:4.2.5p0:*:*:*:*:*:*:*
ntp ntp 4.2.5p1 cpe:2.3:a:ntp:ntp:4.2.5p1:*:*:*:*:*:*:*
ntp ntp 4.2.5p2 cpe:2.3:a:ntp:ntp:4.2.5p2:*:*:*:*:*:*:*
ntp ntp 4.2.5p3 cpe:2.3:a:ntp:ntp:4.2.5p3:*:*:*:*:*:*:*
ntp ntp 4.2.5p4 cpe:2.3:a:ntp:ntp:4.2.5p4:*:*:*:*:*:*:*
ntp ntp 4.2.5p5 cpe:2.3:a:ntp:ntp:4.2.5p5:*:*:*:*:*:*:*
ntp ntp 4.2.5p6 cpe:2.3:a:ntp:ntp:4.2.5p6:*:*:*:*:*:*:*
ntp ntp 4.2.5p7 cpe:2.3:a:ntp:ntp:4.2.5p7:*:*:*:*:*:*:*
ntp ntp 4.2.5p8 cpe:2.3:a:ntp:ntp:4.2.5p8:*:*:*:*:*:*:*
ntp ntp 4.2.5p9 cpe:2.3:a:ntp:ntp:4.2.5p9:*:*:*:*:*:*:*
ntp ntp 4.2.5p10 cpe:2.3:a:ntp:ntp:4.2.5p10:*:*:*:*:*:*:*
ntp ntp 4.2.5p11 cpe:2.3:a:ntp:ntp:4.2.5p11:*:*:*:*:*:*:*
ntp ntp 4.2.5p12 cpe:2.3:a:ntp:ntp:4.2.5p12:*:*:*:*:*:*:*
ntp ntp 4.2.5p13 cpe:2.3:a:ntp:ntp:4.2.5p13:*:*:*:*:*:*:*
ntp ntp 4.2.5p14 cpe:2.3:a:ntp:ntp:4.2.5p14:*:*:*:*:*:*:*
ntp ntp 4.2.5p15 cpe:2.3:a:ntp:ntp:4.2.5p15:*:*:*:*:*:*:*
ntp ntp 4.2.5p16 cpe:2.3:a:ntp:ntp:4.2.5p16:*:*:*:*:*:*:*
ntp ntp 4.2.5p17 cpe:2.3:a:ntp:ntp:4.2.5p17:*:*:*:*:*:*:*
ntp ntp 4.2.5p18 cpe:2.3:a:ntp:ntp:4.2.5p18:*:*:*:*:*:*:*
ntp ntp 4.2.5p19 cpe:2.3:a:ntp:ntp:4.2.5p19:*:*:*:*:*:*:*
ntp ntp 4.2.5p20 cpe:2.3:a:ntp:ntp:4.2.5p20:*:*:*:*:*:*:*
ntp ntp 4.2.5p21 cpe:2.3:a:ntp:ntp:4.2.5p21:*:*:*:*:*:*:*
ntp ntp 4.2.5p23 cpe:2.3:a:ntp:ntp:4.2.5p23:*:*:*:*:*:*:*
ntp ntp 4.2.5p24 cpe:2.3:a:ntp:ntp:4.2.5p24:*:*:*:*:*:*:*
ntp ntp 4.2.5p25 cpe:2.3:a:ntp:ntp:4.2.5p25:*:*:*:*:*:*:*
ntp ntp 4.2.5p26 cpe:2.3:a:ntp:ntp:4.2.5p26:*:*:*:*:*:*:*
ntp ntp 4.2.5p27 cpe:2.3:a:ntp:ntp:4.2.5p27:*:*:*:*:*:*:*
ntp ntp 4.2.5p28 cpe:2.3:a:ntp:ntp:4.2.5p28:*:*:*:*:*:*:*
ntp ntp 4.2.5p29 cpe:2.3:a:ntp:ntp:4.2.5p29:*:*:*:*:*:*:*
ntp ntp 4.2.5p30 cpe:2.3:a:ntp:ntp:4.2.5p30:*:*:*:*:*:*:*
ntp ntp 4.2.5p31 cpe:2.3:a:ntp:ntp:4.2.5p31:*:*:*:*:*:*:*
ntp ntp 4.2.5p32 cpe:2.3:a:ntp:ntp:4.2.5p32:*:*:*:*:*:*:*
ntp ntp 4.2.5p33 cpe:2.3:a:ntp:ntp:4.2.5p33:*:*:*:*:*:*:*
ntp ntp 4.2.5p35 cpe:2.3:a:ntp:ntp:4.2.5p35:*:*:*:*:*:*:*
ntp ntp 4.2.5p36 cpe:2.3:a:ntp:ntp:4.2.5p36:*:*:*:*:*:*:*
ntp ntp 4.2.5p37 cpe:2.3:a:ntp:ntp:4.2.5p37:*:*:*:*:*:*:*
ntp ntp 4.2.5p38 cpe:2.3:a:ntp:ntp:4.2.5p38:*:*:*:*:*:*:*
ntp ntp 4.2.5p39 cpe:2.3:a:ntp:ntp:4.2.5p39:*:*:*:*:*:*:*
ntp ntp 4.2.5p40 cpe:2.3:a:ntp:ntp:4.2.5p40:*:*:*:*:*:*:*
ntp ntp 4.2.5p41 cpe:2.3:a:ntp:ntp:4.2.5p41:*:*:*:*:*:*:*
ntp ntp 4.2.5p42 cpe:2.3:a:ntp:ntp:4.2.5p42:*:*:*:*:*:*:*
ntp ntp 4.2.5p43 cpe:2.3:a:ntp:ntp:4.2.5p43:*:*:*:*:*:*:*
ntp ntp 4.2.5p44 cpe:2.3:a:ntp:ntp:4.2.5p44:*:*:*:*:*:*:*
ntp ntp 4.2.5p45 cpe:2.3:a:ntp:ntp:4.2.5p45:*:*:*:*:*:*:*
ntp ntp 4.2.5p46 cpe:2.3:a:ntp:ntp:4.2.5p46:*:*:*:*:*:*:*
ntp ntp 4.2.5p47 cpe:2.3:a:ntp:ntp:4.2.5p47:*:*:*:*:*:*:*
ntp ntp 4.2.5p48 cpe:2.3:a:ntp:ntp:4.2.5p48:*:*:*:*:*:*:*
ntp ntp 4.2.5p49 cpe:2.3:a:ntp:ntp:4.2.5p49:*:*:*:*:*:*:*
ntp ntp 4.2.5p50 cpe:2.3:a:ntp:ntp:4.2.5p50:*:*:*:*:*:*:*
ntp ntp 4.2.5p51 cpe:2.3:a:ntp:ntp:4.2.5p51:*:*:*:*:*:*:*
ntp ntp 4.2.5p52 cpe:2.3:a:ntp:ntp:4.2.5p52:*:*:*:*:*:*:*
ntp ntp 4.2.5p53 cpe:2.3:a:ntp:ntp:4.2.5p53:*:*:*:*:*:*:*
ntp ntp 4.2.5p54 cpe:2.3:a:ntp:ntp:4.2.5p54:*:*:*:*:*:*:*
ntp ntp 4.2.5p55 cpe:2.3:a:ntp:ntp:4.2.5p55:*:*:*:*:*:*:*
ntp ntp 4.2.5p56 cpe:2.3:a:ntp:ntp:4.2.5p56:*:*:*:*:*:*:*
ntp ntp 4.2.5p57 cpe:2.3:a:ntp:ntp:4.2.5p57:*:*:*:*:*:*:*
ntp ntp 4.2.5p58 cpe:2.3:a:ntp:ntp:4.2.5p58:*:*:*:*:*:*:*
ntp ntp 4.2.5p59 cpe:2.3:a:ntp:ntp:4.2.5p59:*:*:*:*:*:*:*
ntp ntp 4.2.5p60 cpe:2.3:a:ntp:ntp:4.2.5p60:*:*:*:*:*:*:*
ntp ntp 4.2.5p61 cpe:2.3:a:ntp:ntp:4.2.5p61:*:*:*:*:*:*:*
ntp ntp 4.2.5p62 cpe:2.3:a:ntp:ntp:4.2.5p62:*:*:*:*:*:*:*
ntp ntp 4.2.5p63 cpe:2.3:a:ntp:ntp:4.2.5p63:*:*:*:*:*:*:*
ntp ntp 4.2.5p64 cpe:2.3:a:ntp:ntp:4.2.5p64:*:*:*:*:*:*:*
ntp ntp 4.2.5p65 cpe:2.3:a:ntp:ntp:4.2.5p65:*:*:*:*:*:*:*
ntp ntp 4.2.5p66 cpe:2.3:a:ntp:ntp:4.2.5p66:*:*:*:*:*:*:*
ntp ntp 4.2.5p67 cpe:2.3:a:ntp:ntp:4.2.5p67:*:*:*:*:*:*:*
ntp ntp 4.2.5p68 cpe:2.3:a:ntp:ntp:4.2.5p68:*:*:*:*:*:*:*
ntp ntp 4.2.5p69 cpe:2.3:a:ntp:ntp:4.2.5p69:*:*:*:*:*:*:*
ntp ntp 4.2.5p70 cpe:2.3:a:ntp:ntp:4.2.5p70:*:*:*:*:*:*:*
ntp ntp 4.2.5p71 cpe:2.3:a:ntp:ntp:4.2.5p71:*:*:*:*:*:*:*
ntp ntp 4.2.5p73 cpe:2.3:a:ntp:ntp:4.2.5p73:*:*:*:*:*:*:*

References for CVE-2009-1252

URL Tags
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://rhn.redhat.com/errata/RHSA-2009-1039.html Patch
http://rhn.redhat.com/errata/RHSA-2009-1040.html Patch
http://secunia.com/advisories/35137
http://secunia.com/advisories/35138
http://secunia.com/advisories/35166
http://secunia.com/advisories/35169
http://secunia.com/advisories/35243
http://secunia.com/advisories/35253
http://secunia.com/advisories/35308
http://secunia.com/advisories/35336
http://secunia.com/advisories/35388
http://secunia.com/advisories/35416
http://secunia.com/advisories/35630
http://secunia.com/advisories/37470
http://secunia.com/advisories/37471
http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566238
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092
http://www.debian.org/security/2009/dsa-1801
http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml
http://www.kb.cert.org/vuls/id/853097 US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2009:117
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/35017
http://www.securitytracker.com/id?1022243
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/1361
http://www.vupen.com/english/advisories/2009/3316
https://bugzilla.redhat.com/show_bug.cgi?id=499694 Patch
https://launchpad.net/bugs/cve/2009-1252
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307
https://support.ntp.org/bugs/show_bug.cgi?id=1151
https://usn.ubuntu.com/777-1/
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html
cvelogic Threat Intelligence