Out-of-bounds Read in ntp | CVE-2018-7182

Q: How to fix?

There is no fixed version for Debian:9 ntp .

Threat Intelligence

Mature

35.43% (98^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-DEBIAN9-NTP-373143
published6 Mar 2018
disclosed6 Mar 2018

Report a new vulnerability Found a mistake?

Introduced: 6 Mar 2018

CVE-2018-7182 (opens in a new tab) CWE-125 (opens in a new tab)

How to fix?

There is no fixed version for Debian:9 ntp.

NVD Description

Note: Versions mentioned in the description apply only to the upstream ntp package and not the ntp package as distributed by Debian. See How to fix? for Debian:9 relevant fixed versions and status.

The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.

References

https://security-tracker.debian.org/tracker/CVE-2018-7182
http://www.securityfocus.com/archive/1/541824/100/0/threaded
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
http://support.ntp.org/bin/view/Main/NtpBug3412
https://www.synology.com/support/security/Synology_SA_18_13
https://www.exploit-db.com/exploits/45846/
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc
https://security.gentoo.org/glsa/201805-12
http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html
https://security.netapp.com/advisory/ntap-20180626-0001/
http://www.securityfocus.com/bid/103191
http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-7182
https://usn.ubuntu.com/3707-1/
https://www.exploit-db.com/exploits/45846

Out-of-bounds Read Affecting ntp package, versions *

Severity