CVE-2018-7183

NONE EPSS 95.3%
Published Mar 8, 2018 (8y ago) · Modified Jun 17, 2026 (2w ago)

Description

Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.

Threat Intelligence

EPSS Exploit Probability
95.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 14

Vendor      Product            Version   Range
ntp         ntp                4.2.8     any
ntp         ntp                4.2.8     any
ntp         ntp                4.2.8     any
ntp         ntp                4.2.8     any
ntp         ntp                4.2.8     any
freebsd     freebsd            10.3      any
freebsd     freebsd            10.4      any
freebsd     freebsd            11.1      any
canonical   ubuntu_linux       12.04     any
canonical   ubuntu_linux       14.04     any
canonical   ubuntu_linux       16.04     any
canonical   ubuntu_linux       17.10     any
canonical   ubuntu_linux       18.04     any
netapp      element_software   *         any

References 11

  • support.ntp.org http://support.ntp.org/bin/view/Main/NtpBug3414
    Vendor Advisory
  • support.ntp.org http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
    Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/103351
    Third Party Advisory, VDB Entry
  • security.freebsd.org https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
    Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201805-12
    Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20180626-0001/
    Third Party Advisory
  • support.hpe.com https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
  • usn.ubuntu.com https://usn.ubuntu.com/3707-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/3707-2/
    Third Party Advisory
  • oracle.com https://www.oracle.com//security-alerts/cpujul2021.html
  • synology.com https://www.synology.com/support/security/Synology_SA_18_13
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.