CVE-2017-6464Improper Input Validation in NTP

CWE-20Improper Input Validation11 documents9 sources
Severity
6.5MEDIUMNVD
OSV5.9
EPSS
2.5%
top 14.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
NTPDebian NTPApple Macos High Sierra
Timeline
PublishedMar 27
Latest updateMay 14

Description

NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

debiandebian/ntp< ntp 1:4.2.8p10+dfsg-1 (bullseye)
Debianntp/ntp< 1:4.2.8p10+dfsg-1
Ubuntuntp/ntp< 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11+1
NVDntp/ntp95 versions+94

Patches

Patch: support.ntp.orgPatch: support.ntp.org

🔴Vulnerability Details

3
GHSA
GHSA-x7p4-m2g6-wmgc: NTP before 42022-05-14
OSV
ntp vulnerabilities2017-07-05
OSV
CVE-2017-6464: NTP before 42017-03-27

📋Vendor Advisories

5
Apple
CVE-2017-6464: macOS High Sierra 10.132017-09-25
Ubuntu
NTP vulnerabilities2017-07-05
BSD
FreeBSD-SA-17:03.ntp: Multiple vulnerabilities of ntp2017-04-12
Red Hat
ntp: Denial of Service via Malformed Config2017-03-21
Debian
CVE-2017-6464: ntp - NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a d...2017

💬Community

2
Bugzilla
CVE-2017-6464 CVE-2017-6462 CVE-2017-6463 CVE-2017-6458 CVE-2017-6451 ntp: various flaws [fedora-all]2017-03-23
Bugzilla
CVE-2017-6464 ntp: Denial of Service via Malformed Config2017-03-20