CVE-2017-6451
HIGHNTP < 4.2.8p10 and 4.3.x < 4.3.94 - Out-of-bounds Write in MX4200 Refclock
Title source: llmDescription
The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.
References (7)
Core 7
Core References
Patch, Vendor Advisory x_refsource_confirm
http://support.ntp.org/bin/view/Main/NtpBug3378
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038123
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97058
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208144
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039427
Vendor Advisory x_refsource_confirm
http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
Vendor Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
Scores
CVSS v3
7.8
EPSS
0.0048
EPSS Percentile
38.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (50)
ntp/ntp
4.2.8 p9
ntp/ntp
4.3.0
ntp/ntp
4.3.1
ntp/ntp
4.3.2
ntp/ntp
4.3.3
ntp/ntp
4.3.4
ntp/ntp
4.3.5
ntp/ntp
4.3.6
ntp/ntp
4.3.7
ntp/ntp
4.3.8
... and 40 more
Published
Mar 27, 2017
Tracked Since
Feb 18, 2026