CVE-2017-6460
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
27/03/2017
Last modified:
20/04/2025
Description
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://support.ntp.org/bin/view/Main/NtpBug3377
- http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
- http://www.securityfocus.com/bid/97052
- http://www.securitytracker.com/id/1038123
- https://security.paloaltonetworks.com/CVE-2017-6460
- https://support.apple.com/HT208144
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
- http://support.ntp.org/bin/view/Main/NtpBug3377
- http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
- http://www.securityfocus.com/bid/97052
- http://www.securitytracker.com/id/1038123
- https://security.paloaltonetworks.com/CVE-2017-6460
- https://support.apple.com/HT208144
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us