Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
References
Link | Resource |
---|---|
http://support.ntp.org/bin/view/Main/NtpBug3414 | Vendor Advisory |
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S | Vendor Advisory |
http://www.securityfocus.com/bid/103351 | Third Party Advisory VDB Entry |
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc | Third Party Advisory |
https://security.gentoo.org/glsa/201805-12 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20180626-0001/ | Third Party Advisory |
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us | |
https://usn.ubuntu.com/3707-1/ | Third Party Advisory |
https://usn.ubuntu.com/3707-2/ | Third Party Advisory |
https://www.oracle.com//security-alerts/cpujul2021.html | |
https://www.synology.com/support/security/Synology_SA_18_13 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
No history.
Information
Published : 2018-03-08 20:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-7183
Mitre link : CVE-2018-7183
CVE.ORG link : CVE-2018-7183
JSON object : View
Products Affected
canonical
- ubuntu_linux
freebsd
- freebsd
ntp
- ntp
netapp
- element_software
CWE
CWE-787
Out-of-bounds Write