CVE-2017-6458 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple MAC OS X

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121 — Stack-based Buffer Overflow10 documents9 sources

Severity

8.8HIGHNVD

EPSS

9.4%

top 7.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NTP Apple MAC OS X HPE Hpux-ntp

Timeline

PublishedMar 27

Latest updateMay 13

Description

Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDntp/ntp4.3.0 — 4.3.94+2

▶NVDhpe/hpux-ntp< c.4.2.8.4.0

▶NVDapple/mac_os_x10.8.0 — 10.13

▶Debianntp/ntp< 1:4.2.8p10+dfsg-1

Patches

Patch: support.ntp.org ↗Patch: support.ntp.org ↗

🔴Vulnerability Details

GHSA

GHSA-q29q-rg5m-wg5j: Multiple buffer overflows in the ctl_put* functions in NTP before 4↗2022-05-13

▶

OSV

CVE-2017-6458: Multiple buffer overflows in the ctl_put* functions in NTP before 4↗2017-03-27

▶

CVEList

CVE-2017-6458: Multiple buffer overflows in the ctl_put* functions in NTP before 4↗2017-03-27

▶

📋Vendor Advisories

Apple

CVE-2017-6458: macOS High Sierra 10.13↗2017-09-25

▶

Ubuntu

NTP vulnerabilities↗2017-07-05

▶

Red Hat

ntp: Potential Overflows in ctl_put() functions↗2017-03-21

▶

Debian

CVE-2017-6458: ntp - Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4...↗2017

▶

💬Community

Bugzilla

CVE-2017-6464 CVE-2017-6462 CVE-2017-6463 CVE-2017-6458 CVE-2017-6451 ntp: various flaws [fedora-all]↗2017-03-23

▶

Bugzilla

CVE-2017-6458 ntp: Potential Overflows in ctl_put() functions↗2017-03-20

▶