Detections
Analytics

CVE-2017-6462

high

Description

Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.

References

https://usn.ubuntu.com/3707-2/

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc

https://access.redhat.com/errata/RHSA-2018:0855

https://access.redhat.com/errata/RHSA-2017:3071

http://www.securitytracker.com/id/1038123

http://www.securityfocus.com/bid/97045

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us

https://support.apple.com/HT208144

http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu

http://support.ntp.org/bin/view/Main/NtpBug3388

Details

Source: Mitre, NVD

Published: 2017-03-27

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00118