CVE-2018-7183

EPSS 14.25%
Veröffentlicht 08.03.2018 20:29:00
Zuletzt bearbeitet 21.11.2024 04:11:44
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ntp ≫ Ntp Version4.2.8 Updatep10

Ntp ≫ Ntp Version4.2.8 Updatep6

Ntp ≫ Ntp Version4.2.8 Updatep7

Ntp ≫ Ntp Version4.2.8 Updatep8

Ntp ≫ Ntp Version4.2.8 Updatep9

Freebsd ≫ Freebsd Version10.3

Freebsd ≫ Freebsd Version10.4

Freebsd ≫ Freebsd Version11.1

Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version17.10

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Netapp ≫ Element Software Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	14.25%	0.942

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.oracle.com//security-alerts/cpujul2021.html

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us

https://www.synology.com/support/security/Synology_SA_18_13

Third Party Advisory

https://usn.ubuntu.com/3707-2/

Third Party Advisory

https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc

Third Party Advisory

https://security.gentoo.org/glsa/201805-12

Third Party Advisory

https://security.netapp.com/advisory/ntap-20180626-0001/

Third Party Advisory

https://usn.ubuntu.com/3707-1/

Third Party Advisory

http://support.ntp.org/bin/view/Main/NtpBug3414

Vendor Advisory

http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S

Vendor Advisory

http://www.securityfocus.com/bid/103351

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-7183

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-7183

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-7183

EUVD