CVE-2017-6451 — Out-of-bounds Write in Apple Macos High Sierra

CWE-787 — Out-of-bounds Write CWE-121 — Stack-based Buffer Overflow7 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 62.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos High Sierra NTP Debian NTP

Timeline

PublishedMar 27

Latest updateMay 17

Description

The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDntp/ntp95 versions+94

▶debiandebian/ntp

▶Appleapple/macos_high_sierra10.13

Patches

Patch: support.ntp.org ↗Patch: support.ntp.org ↗

🔴Vulnerability Details

GHSA

GHSA-mg4x-c4g8-f6h5: The mx4200_send function in the legacy MX4200 refclock in NTP before 4↗2022-05-17

▶

📋Vendor Advisories

Apple

CVE-2017-6451: macOS High Sierra 10.13↗2017-09-25

▶

Red Hat

ntp: Improper use of snprintf() in mx4200_send()↗2017-03-21

▶

Debian

CVE-2017-6451: ntp - The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 an...↗2017

▶

💬Community

Bugzilla

CVE-2017-6464 CVE-2017-6462 CVE-2017-6463 CVE-2017-6458 CVE-2017-6451 ntp: various flaws [fedora-all]↗2017-03-23

▶

Bugzilla

CVE-2017-6451 ntp: Improper use of snprintf() in mx4200_send()↗2017-03-20

▶