[ntp:security] [Bug 3414] ntpq: decodearr() can write beyond its 'buf' limits

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Mon Oct 23 14:14:54 UTC 2017


http://bugs.ntp.org/show_bug.cgi?id=3414

Danny Mayer <mayer at ntp.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mayer at ntp.org

--- Comment #11 from Danny Mayer <mayer at ntp.org> 2017-10-23 14:14:54 UTC ---
I'm not convinced that this needs a CVE. This is a bug in ntpq which is a
purely client tool. If the buffer overflow causes a problem then at worst case
the ntpq will exit with a stacktrace. It is a bug but how does it affect
security?

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list