[email protected]CVE-2018-7183

HistoryMar 08, 2018 - 8:29 p.m.

CVE-2018-7183

2018-03-0820:29:00

CWE-787

[email protected]

web.nvd.nist.gov

130

cve-2018-7183

buffer overflow

ntpq

remote code execution

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.779 High

EPSS

Percentile

98.2%

JSON

Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.

CPENameOperatorVersion
ntp:ntpntpeq4.2.8
freebsd:freebsdfreebsdeq10.3
freebsd:freebsdfreebsdeq11.1
freebsd:freebsdfreebsdeq10.4
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq16.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq17.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq18.04
netapp:element_softwarenetapp element softwareeq-

CPE	Name	Operator	Version
ntp:ntp	ntp	eq	4.2.8
freebsd:freebsd	freebsd	eq	10.3
freebsd:freebsd	freebsd	eq	11.1
freebsd:freebsd	freebsd	eq	10.4
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	16.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	17.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	18.04
netapp:element_software	netapp element software	eq	-