CVE-2018-7182

The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
ntpntp
4.2.8:p10
ntpntp
4.2.8:p6
ntpntp
4.2.8:p7
ntpntp
4.2.8:p8
ntpntp
4.2.8:p9
canonicalubuntu_linux
17.10
canonicalubuntu_linux
18.04
netappelement_software
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ntp
bullseye
1:4.2.8p15+dfsg-1
fixed
stretch
postponed
jessie
postponed
wheezy
not-affected
ntpsec
bullseye
1.2.0+dfsg1-4
fixed
stretch
postponed
jessie
postponed
wheezy
not-affected
bookworm
1.2.2+dfsg1-1+deb12u1
fixed
bookworm (security)
1.2.2+dfsg1-1+deb12u1
fixed
sid
1.2.3+dfsg1-3
fixed
trixie
1.2.3+dfsg1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ntp
bionic
Fixed 1:4.2.8p10+dfsg-5ubuntu7.1
released
artful
Fixed 1:4.2.8p10+dfsg-5ubuntu3.3
released
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html
http://support.ntp.org/bin/view/Main/NtpBug3412
http://www.securityfocus.com/archive/1/541824/100/0/threaded
http://www.securityfocus.com/bid/103191
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
https://security.gentoo.org/glsa/201805-12
https://security.netapp.com/advisory/ntap-20180626-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
https://usn.ubuntu.com/3707-1/
https://www.exploit-db.com/exploits/45846/
https://www.synology.com/support/security/Synology_SA_18_13
http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html
http://support.ntp.org/bin/view/Main/NtpBug3412
http://www.securityfocus.com/archive/1/541824/100/0/threaded
http://www.securityfocus.com/bid/103191
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
https://security.gentoo.org/glsa/201805-12
https://security.netapp.com/advisory/ntap-20180626-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
https://usn.ubuntu.com/3707-1/
https://www.exploit-db.com/exploits/45846/
https://www.synology.com/support/security/Synology_SA_18_13