ID CVE-2018-7183
Summary Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
References
Vulnerable Configurations
  • cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*
  • cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*
    cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*
  • cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*
    cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*
  • cpe:2.3:o:freebsd:freebsd:10.3:*:*:*:*:*:*:*
    cpe:2.3:o:freebsd:freebsd:10.3:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 20-07-2021 - 23:15)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 103351
confirm
freebsd FreeBSD-SA-18:02
gentoo GLSA-201805-12
ubuntu
  • USN-3707-1
  • USN-3707-2
Last major update 20-07-2021 - 23:15
Published 08-03-2018 - 20:29
Last modified 20-07-2021 - 23:15
Back to Top