{"id":"CVE-2017-6451","details":"The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.","modified":"2026-03-15T22:24:30.952392Z","published":"2017-03-27T17:59:00.523Z","related":["MGASA-2017-0134","SUSE-SU-2017:1047-1","SUSE-SU-2017:1048-1","SUSE-SU-2017:1052-1","openSUSE-SU-2024:11102-1"],"references":[{"type":"WEB","url":"https://support.apple.com/HT208144"},{"type":"WEB","url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us"},{"type":"WEB","url":"http://www.securitytracker.com/id/1039427"},{"type":"ADVISORY","url":"http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97058"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038123"},{"type":"FIX","url":"http://support.ntp.org/bin/view/Main/NtpBug3378"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.2.8-p9"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.3"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.4"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.5"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.6"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.7"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.8"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.9"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.10"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.11"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.12"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.13"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.14"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.15"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.16"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.17"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.18"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.19"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.20"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.21"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.22"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.23"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.24"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.25"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.26"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.27"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.28"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.29"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.30"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.31"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.32"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.33"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.34"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.35"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.36"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.37"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.38"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.39"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.40"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.41"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.42"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.43"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.44"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.45"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.46"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.47"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.48"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.49"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.50"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.51"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.52"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.53"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.54"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.55"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.56"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.57"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.58"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.59"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.60"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.61"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.62"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.63"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.64"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.65"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.66"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.67"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.68"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.69"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.70"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.71"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.72"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.73"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.74"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.75"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.76"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.77"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.78"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.79"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.80"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.81"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.82"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.83"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.84"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.85"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.86"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.87"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.88"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.89"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.90"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.91"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.92"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.93"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6451.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}