ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
Conclusion & alert: CVE-2015-7977 is rated Moderate Risk (51.1/100): CVSS Medium severity, with high exploitation likelihood (EPSS 6.35%, 93th percentile). Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 16.35% | 6.35% | -10.00% |
| 2 | 2026-03-13 | 14.84% | 16.35% | +1.51% |
| 3 | 2026-02-18 | — | 14.84% | — |
Full EPSS history (19 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.9 | 3.1 | MEDIUM |
|
2.2 | 3.6 | [email protected] |
| 4.3 | 2.0 | MEDIUM |
|
8.6 | 2.9 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
not yet assigned | CVE-2015-7977 not yet assigned priority: Debian including 1 source packages (ntp), 1 status rows across 1 suites (bullseye): resolved 1. | https://security-tracker.debian.org/tracker/CVE-2015-7977 |
gentoo
|
normal | CVE-2015-7977: 1 GLSA(s) (201607-15), 1 atom(s) (net-misc/ntp); latest impact normal. | https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2015-7977 |
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2015-7977 |
suse
|
medium | CVE-2015-7977 severity moderate: SUSE including 32 source package names (ntp-4.2.6p5-25.el7, ntp-4.2.8p10-63.3, …), 95 product×package rows across 57 product lines (Image SLES12-SP5-Azure-BYOS, Image SLES12-SP5-Azure-Basic-On-Demand, … (57 product lines)): Fixed 95. | https://www.suse.com/security/cve/CVE-2015-7977/ |
ubuntu
|
medium | CVE-2015-7977 medium priority: Ubuntu including 1 source packages (ntp), 8 status rows across 8 suites (precise, trusty, upstream, vivid, wily, xenial, yakkety, zesty): released 4, ignored 2, not-affected 2. | https://ubuntu.com/security/CVE-2015-7977 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| ntp | ntp | <= 4.2.8 | cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:* |
| ntp | ntp | >= 4.3.0, < 4.3.90 | cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:* |
| ntp | ntp | 4.2.8 | cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:* |
| oracle | linux | 6 | cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:* |
| siemens | tim_4r-ie_firmware | — | cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:* |
| siemens | tim_4r-ie_dnp3_firmware | — | cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:-:*:*:*:*:*:*:* |
| netapp | clustered_data_ontap | — | cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* |
| netapp | oncommand_balance | — | cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:-:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p1:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p10:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p12:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p13:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p16:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p19:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p2:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p20:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p21:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p22:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p23:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p24:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p25:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p28:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p3:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p30:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p31:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p32:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p33:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p34:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p5:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p6:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p7:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p8:*:*:*:*:*:* |
| freebsd | freebsd | 9.3 | cpe:2.3:o:freebsd:freebsd:9.3:p9:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:-:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p1:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p10:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p12:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p15:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p16:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p17:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p18:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p19:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p2:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p22:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p24:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p25:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p26:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p27:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p3:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p4:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p5:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p6:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p7:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p8:*:*:*:*:*:* |
| freebsd | freebsd | 10.1 | cpe:2.3:o:freebsd:freebsd:10.1:p9:*:*:*:*:*:* |
| freebsd | freebsd | 10.2 | cpe:2.3:o:freebsd:freebsd:10.2:-:*:*:*:*:*:* |
| freebsd | freebsd | 10.2 | cpe:2.3:o:freebsd:freebsd:10.2:p1:*:*:*:*:*:* |
| freebsd | freebsd | 10.2 | cpe:2.3:o:freebsd:freebsd:10.2:p10:*:*:*:*:*:* |
| freebsd | freebsd | 10.2 | cpe:2.3:o:freebsd:freebsd:10.2:p2:*:*:*:*:*:* |
| freebsd | freebsd | 10.2 | cpe:2.3:o:freebsd:freebsd:10.2:p5:*:*:*:*:*:* |
| freebsd | freebsd | 10.2 | cpe:2.3:o:freebsd:freebsd:10.2:p7:*:*:*:*:*:* |