Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-7182 — Out-of-bounds Read in Ubuntu Linux

CWE-125 — Out-of-bounds Read CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer16 documents10 sources

Severity

7.5HIGHNVD

EPSS

11.1%

top 6.53%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

NTP Ntpsec Canonical Ubuntu Linux

Timeline

PublishedMar 6

Latest updateMay 13

Description

The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Debianntp/ntp< 1:4.2.8p11+dfsg-1

▶Ubuntuntp/ntp< 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13+4

▶Debianntpsec/ntpsec< 1.0.0+dfsg1-5+3

▶NVDntp/ntp4.2.8

Also affects: Ubuntu Linux 17.10, 18.04

Patches

Patch: security.freebsd.org ↗Patch: security.freebsd.org ↗

🔴Vulnerability Details

GHSA

GHSA-wjhm-mrg7-qc53: The ctl_getitem method in ntpd in ntp-4↗2022-05-13

▶

OSV

ntp vulnerability↗2021-04-20

▶

OSV

ntp vulnerability↗2020-10-01

▶

OSV

ntp vulnerabilities↗2018-07-09

▶

OSV

CVE-2018-7182: The ctl_getitem method in ntpd in ntp-4↗2018-03-06

▶

💥Exploits & PoCs

Exploit-DB

ntpd 4.2.8p10 - Out-of-Bounds Read (PoC)↗2018-11-14

▶

📋Vendor Advisories

Ubuntu

NTP vulnerability↗2021-04-20

▶

Ubuntu

NTP vulnerability↗2020-10-01

▶

Ubuntu

NTP vulnerabilities↗2018-07-09

▶

BSD

FreeBSD-SA-18:02.ntp: Multiple vulnerabilities of ntp↗2018-03-07

▶

Red Hat

ntp: buffer read overrun leads information leak in ctl_getitem()↗2018-02-27

▶

💬Community

Bugzilla

CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 ntp: various flaws [fedora-all]↗2018-02-28

▶

Bugzilla

CVE-2018-7182 ntp: buffer read overrun leads information leak in ctl_getitem()↗2018-02-28

▶