CVE-2017-6459

MEDIUM

Ntp - Memory Corruption

Title source: rule

Description

The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.

References (5)

[Vendor Advisory] http://support.ntp.org/bin/view/Main/NtpBug3382

[Vendor Advisory] http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97076

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038123

[Vendor Advisory] https://support.apple.com/HT208144

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 16.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-119

Status published

Affected Products (50)

ntp/ntp

... and 35 more

Timeline

Published Mar 27, 2017

Tracked Since Feb 18, 2026