CVE-2018-7183

Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
ntpntp
4.2.8:p10
ntpntp
4.2.8:p6
ntpntp
4.2.8:p7
ntpntp
4.2.8:p8
ntpntp
4.2.8:p9
freebsdfreebsd
10.3
freebsdfreebsd
10.4
freebsdfreebsd
11.1
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
canonicalubuntu_linux
18.04
netappelement_software
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ntp
bullseye
1:4.2.8p15+dfsg-1
fixed
stretch
no-dsa
jessie
no-dsa
wheezy
no-dsa
ntpsec
bullseye
1.2.0+dfsg1-4
fixed
stretch
no-dsa
jessie
no-dsa
wheezy
no-dsa
bookworm
1.2.2+dfsg1-1+deb12u1
fixed
bookworm (security)
1.2.2+dfsg1-1+deb12u1
fixed
sid
1.2.3+dfsg1-3
fixed
trixie
1.2.3+dfsg1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ntp
cosmic
Fixed 1:4.2.8p11+dfsg-1ubuntu1
released
bionic
Fixed 1:4.2.8p10+dfsg-5ubuntu7.1
released
artful
Fixed 1:4.2.8p10+dfsg-5ubuntu3.3
released
xenial
Fixed 1:4.2.8p4+dfsg-3ubuntu5.9
released
trusty
Fixed 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13
released
Common Weakness Enumeration
References
http://support.ntp.org/bin/view/Main/NtpBug3414
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
http://www.securityfocus.com/bid/103351
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
https://security.gentoo.org/glsa/201805-12
https://security.netapp.com/advisory/ntap-20180626-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
https://usn.ubuntu.com/3707-1/
https://usn.ubuntu.com/3707-2/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.synology.com/support/security/Synology_SA_18_13
http://support.ntp.org/bin/view/Main/NtpBug3414
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
http://www.securityfocus.com/bid/103351
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
https://security.gentoo.org/glsa/201805-12
https://security.netapp.com/advisory/ntap-20180626-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
https://usn.ubuntu.com/3707-1/
https://usn.ubuntu.com/3707-2/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.synology.com/support/security/Synology_SA_18_13