Vulnerability Description
Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line.
CVSS Score
7.8
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ntp | Ntp | 4.2.8 |
Related Weaknesses (CWE)
References
- http://support.ntp.org/bin/view/Main/NtpBug3383PatchVendor Advisory
- http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Vendor Advisory
- http://www.securityfocus.com/bid/97078Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038123Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039427
- https://support.apple.com/HT208144
- http://support.ntp.org/bin/view/Main/NtpBug3383PatchVendor Advisory
- http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Vendor Advisory
- http://www.securityfocus.com/bid/97078Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038123Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039427
- https://support.apple.com/HT208144
FAQ
What is CVE-2017-6452?
CVE-2017-6452 is a vulnerability with a CVSS score of 7.8 (HIGH). Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line.
How severe is CVE-2017-6452?
CVE-2017-6452 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-6452?
Check the references section above for vendor advisories and patch information. Affected products include: Ntp Ntp.