CVE-2017-6451

HIGH

NTP < 4.2.8p10 and 4.3.x < 4.3.94 - Out-of-bounds Write in MX4200 Refclock

Title source: llm
STIX 2.1

Description

The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.

References (7)

Core 7
Core References
Patch, Vendor Advisory x_refsource_confirm
http://support.ntp.org/bin/view/Main/NtpBug3378
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038123
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97058
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208144
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039427

Scores

CVSS v3 7.8
EPSS 0.0048
EPSS Percentile 38.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (50)
ntp/ntp 4.2.8 p9
ntp/ntp 4.3.0
ntp/ntp 4.3.1
ntp/ntp 4.3.2
ntp/ntp 4.3.3
ntp/ntp 4.3.4
ntp/ntp 4.3.5
ntp/ntp 4.3.6
ntp/ntp 4.3.7
ntp/ntp 4.3.8
... and 40 more
Published Mar 27, 2017
Tracked Since Feb 18, 2026