CVE-2017-6458

Public on 2017-03-27

Modified on 2017-04-20

Description

A vulnerability was found in NTP, in the building of response packets with custom fields. If custom fields were configured in ntp.conf with particularly long names, inclusion of these fields in the response packet could cause a buffer overflow, leading to a crash.

Severity

Low

See what this means

CVSS v3 Base Score

7.1

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	ntp	2017-04-20	ALAS-2017-816

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	7.1	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
NVD	CVSSv2	6.5	AV:N/AC:L/Au:S/C:P/I:P/A:P
NVD	CVSSv3	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2017-6458 Mitre: CVE-2017-6458