7.8
CVSSv3

CVE-2017-6451

CVSSv4: NA | CVSSv3: 7.8 | CVSSv2: 4.6 | VMScore: 880 | EPSS: 0.00042 | KEV: Not Included
Published: 27/03/2017 Updated: 21/11/2024

Vulnerability Summary

The mx4200_send function in the legacy MX4200 refclock in NTP prior to 4.2.8p10 and 4.3.x prior to 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ntp ntp 4.2.8

ntp ntp 4.3.0

ntp ntp 4.3.1

ntp ntp 4.3.2

ntp ntp 4.3.3

ntp ntp 4.3.4

ntp ntp 4.3.5

ntp ntp 4.3.6

ntp ntp 4.3.7

ntp ntp 4.3.8

ntp ntp 4.3.9

ntp ntp 4.3.10

ntp ntp 4.3.11

ntp ntp 4.3.12

ntp ntp 4.3.13

ntp ntp 4.3.14

ntp ntp 4.3.15

ntp ntp 4.3.16

ntp ntp 4.3.17

ntp ntp 4.3.18

ntp ntp 4.3.19

ntp ntp 4.3.20

ntp ntp 4.3.21

ntp ntp 4.3.22

ntp ntp 4.3.23

ntp ntp 4.3.24

ntp ntp 4.3.25

ntp ntp 4.3.26

ntp ntp 4.3.27

ntp ntp 4.3.28

ntp ntp 4.3.29

ntp ntp 4.3.30

ntp ntp 4.3.31

ntp ntp 4.3.32

ntp ntp 4.3.33

ntp ntp 4.3.34

ntp ntp 4.3.35

ntp ntp 4.3.36

ntp ntp 4.3.37

ntp ntp 4.3.38

ntp ntp 4.3.39

ntp ntp 4.3.40

ntp ntp 4.3.41

ntp ntp 4.3.42

ntp ntp 4.3.43

ntp ntp 4.3.44

ntp ntp 4.3.45

ntp ntp 4.3.46

ntp ntp 4.3.47

ntp ntp 4.3.48

ntp ntp 4.3.49

ntp ntp 4.3.50

ntp ntp 4.3.51

ntp ntp 4.3.52

ntp ntp 4.3.53

ntp ntp 4.3.54

ntp ntp 4.3.55

ntp ntp 4.3.56

ntp ntp 4.3.57

ntp ntp 4.3.58

ntp ntp 4.3.59

ntp ntp 4.3.60

ntp ntp 4.3.61

ntp ntp 4.3.62

ntp ntp 4.3.63

ntp ntp 4.3.64

ntp ntp 4.3.65

ntp ntp 4.3.66

ntp ntp 4.3.67

ntp ntp 4.3.68

ntp ntp 4.3.69

ntp ntp 4.3.70

ntp ntp 4.3.71

ntp ntp 4.3.72

ntp ntp 4.3.73

ntp ntp 4.3.74

ntp ntp 4.3.75

ntp ntp 4.3.76

ntp ntp 4.3.77

ntp ntp 4.3.78

ntp ntp 4.3.79

ntp ntp 4.3.80

ntp ntp 4.3.81

ntp ntp 4.3.82

ntp ntp 4.3.83

ntp ntp 4.3.84

ntp ntp 4.3.85

ntp ntp 4.3.86

ntp ntp 4.3.87

ntp ntp 4.3.88

ntp ntp 4.3.89

ntp ntp 4.3.90

ntp ntp 4.3.91

ntp ntp 4.3.92

ntp ntp 4.3.93

Vendor Advisories

Denial of Service via Malformed Config:A vulnerability was discovered in the NTP server's parsing of configuration directives A remote, authenticated attacker could cause ntpd to crash by sending a crafted message(CVE-2017-6464) Potential Overflows in ctl_put() functions:A vulnerability was found in NTP, in the building of response packets with c ...