CVE-2018-7183
NONE EPSS 95.3%
Published Mar 8, 2018 (8y ago) · Modified Jun 17, 2026 (2w ago)
Description
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
Threat Intelligence
EPSS Exploit Probability
95.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-787: Out-of-bounds Write (Memory Safety)
Affected Products 14
| Vendor | Product | Version | Range |
|---|---|---|---|
| ntp | ntp | 4.2.8 | any |
| ntp | ntp | 4.2.8 | any |
| ntp | ntp | 4.2.8 | any |
| ntp | ntp | 4.2.8 | any |
| ntp | ntp | 4.2.8 | any |
| freebsd | freebsd | 10.3 | any |
| freebsd | freebsd | 10.4 | any |
| freebsd | freebsd | 11.1 | any |
| canonical | ubuntu_linux | 12.04 | any |
| canonical | ubuntu_linux | 14.04 | any |
| canonical | ubuntu_linux | 16.04 | any |
| canonical | ubuntu_linux | 17.10 | any |
| canonical | ubuntu_linux | 18.04 | any |
| netapp | element_software | * | any |
References 11
- support.ntp.org http://support.ntp.org/bin/view/Main/NtpBug3414
- support.ntp.org http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
- securityfocus.com http://www.securityfocus.com/bid/103351
- security.freebsd.org https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
- security.gentoo.org https://security.gentoo.org/glsa/201805-12
- security.netapp.com https://security.netapp.com/advisory/ntap-20180626-0001/
- support.hpe.com https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
- usn.ubuntu.com https://usn.ubuntu.com/3707-1/
- usn.ubuntu.com https://usn.ubuntu.com/3707-2/
- oracle.com https://www.oracle.com//security-alerts/cpujul2021.html
- synology.com https://www.synology.com/support/security/Synology_SA_18_13
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.