Problem: According to https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9295,
"Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl-putdata function, and (3) the configure function."
Analysis: The NTP(SNTP) implementation in the NET+OS development environment, does not use SSL encryption in the sending and receiving of packets. Thus the NET+OS development is not vulnerable to CVE-2914-9295.
Customer actions: No customer actions are required.
Citations:
"Vulnerability Summary for CVE-2014-9295". NIST. National Vulnerability Database.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9295
Last updated:
Jun 21, 2019