Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-12327Out-of-bounds Write in NTP

CWE-787Out-of-bounds WriteCWE-121Stack-based Buffer Overflow12 documents10 sources
Severity
9.8CRITICALNVD
EPSS
15.0%
top 5.42%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
NTP
Timeline
PublishedJun 20
Latest updateDec 8

Description

Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDntp/ntp4.2.8

🔴Vulnerability Details

3
GHSA
GHSA-gmx7-j3pp-2gxp: Stack-based buffer overflow in ntpq and ntpdc of NTP version 42022-05-13
CVEList
CVE-2018-12327: Stack-based buffer overflow in ntpq and ntpdc of NTP version 42018-06-20
OSV
CVE-2018-12327: Stack-based buffer overflow in ntpq and ntpdc of NTP version 42018-06-20

💥Exploits & PoCs

1
Exploit-DB
ntp 4.2.8p11 - Local Buffer Overflow (PoC)2018-06-20

📋Vendor Advisories

4
Ubuntu
NTP vulnerability2021-03-15
Ubuntu
NTP vulnerability2020-01-09
Red Hat
ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution2018-06-20
Debian
CVE-2018-12327: ntp - Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an ...2018

📄Research Papers

1
arXiv
Exploring the Limits of ChatGPT in Software Security Applications2023-12-08

💬Community

2
Bugzilla
CVE-2018-12327 ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution [fedora-all]2018-06-21
Bugzilla
CVE-2018-12327 ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution2018-06-21