cbcvebase.
CVE-2018-7182
published 2018-03-06

CVE-2018-7182: The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6…

PriorityP355high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
29.85%
98.0th percentile
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.

Affected

19 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
debianntp< ntp 1:4.2.8p11+dfsg-1 (bullseye)ntp 1:4.2.8p11+dfsg-1 (bullseye)
debianntpsec< ntp 1:4.2.8p11+dfsg-1 (bullseye)ntp 1:4.2.8p11+dfsg-1 (bullseye)
ntpntp
ntpntp
ntpntp
ntpntp
ntpntp
ntpntp>= 0 < 1:4.2.8p11+dfsg-11:4.2.8p11+dfsg-1
ntpntp>= 0 < 1:4.2.6.p5+dfsg-3ubuntu2.14.04.131:4.2.6.p5+dfsg-3ubuntu2.14.04.13
ntpntp>= 0 < 1:4.2.8p4+dfsg-3ubuntu5.91:4.2.8p4+dfsg-3ubuntu5.9
ntpntp>= 0 < 1:4.2.8p10+dfsg-5ubuntu7.11:4.2.8p10+dfsg-5ubuntu7.1
ntpntp>= 0 < 1:4.2.8p10+dfsg-5ubuntu7.31:4.2.8p10+dfsg-5ubuntu7.3
ntpntp>= 0 < 1:4.2.8p12+dfsg-3ubuntu4.20.04.11:4.2.8p12+dfsg-3ubuntu4.20.04.1
ntpsecntpsec>= 0 < 1.0.0+dfsg1-51.0.0+dfsg1-5
ntpsecntpsec>= 0 < 1.0.0+dfsg1-51.0.0+dfsg1-5
ntpsecntpsec>= 0 < 1.0.0+dfsg1-51.0.0+dfsg1-5
ntpsecntpsec>= 0 < 1.0.0+dfsg1-51.0.0+dfsg1-5

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.