CVE-2017-6452 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Macos High Sierra

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121 — Stack-based Buffer Overflow6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 66.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos High Sierra NTP Debian NTP

Timeline

PublishedMar 27

Latest updateMay 17

Description

Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDntp/ntp95 versions+94

▶debiandebian/ntp

▶Appleapple/macos_high_sierra10.13

Patches

Patch: support.ntp.org ↗Patch: support.ntp.org ↗

🔴Vulnerability Details

GHSA

GHSA-q9v2-7fch-g9q6: Stack-based buffer overflow in the Windows installer for NTP before 4↗2022-05-17

▶

📋Vendor Advisories

Apple

CVE-2017-6452: macOS High Sierra 10.13↗2017-09-25

▶

Red Hat

ntp: Stack Buffer Overflow from Command Line↗2017-03-21

▶

Debian

CVE-2017-6452: ntp - Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and...↗2017

▶

💬Community

Bugzilla

CVE-2017-6452 ntp: Stack Buffer Overflow from Command Line↗2017-03-24

▶