CVE-2017-6459 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Macos High Sierra

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 83.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos High Sierra NTP Debian NTP

Timeline

PublishedMar 27

Latest updateMay 17

Description

The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDntp/ntp95 versions+94

▶debiandebian/ntp

▶Appleapple/macos_high_sierra10.13

🔴Vulnerability Details

GHSA

GHSA-rw62-mpgh-xjjx: The Windows installer for NTP before 4↗2022-05-17

▶

📋Vendor Advisories

Apple

CVE-2017-6459: macOS High Sierra 10.13↗2017-09-25

▶

Red Hat

ntp: Data Structure terminated insufficiently↗2017-03-21

▶

Debian

CVE-2017-6459: ntp - The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows loc...↗2017

▶

💬Community

Bugzilla

CVE-2017-6459 ntp: Data Structure terminated insufficiently↗2017-03-24

▶