Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-7183

Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.

Related bugs and status

CVE-2018-7183 (Candidate) is related to these bugs:

Bug #1773921: merge ntp 1:4.2.8p11+dfsg-1 for cosmic

Summary				In	Importance	Status
	1773921	merge ntp 1:4.2.8p11+dfsg-1 for cosmic		ntp (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://support.ntp.org...
CONFIRM: http://support.ntp.org...
FREEBSD: FreeBSD-SA-18:02
BID: 103351
CONFIRM: https://www.synology.c...
CONFIRM: https://security.netap...
UBUNTU: USN-3707-1
GENTOO: GLSA-201805-12
UBUNTU: USN-3707-2
CONFIRM: https://support.hpe.co...
MISC: https://www.oracle.com...