CVE-2018-7183 (retired)

Priority
Description
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through
4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an
ntpq query and sending a response with a crafted array.
Notes
 http://support.ntp.org/bin/view/Main/NtpBug3414
Assigned-to
mdeslaur
Package
Source: ntp (LP Ubuntu Debian)
Upstream:released (4.2.8p11)
Ubuntu 12.04 ESM (Precise Pangolin):released (1:4.2.6.p3+dfsg-1ubuntu3.12)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:4.2.6.p5+dfsg-3ubuntu2.14.04.13)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:4.2.8p4+dfsg-3ubuntu5.9)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:4.2.8p10+dfsg-5ubuntu7.1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1:4.2.8p11+dfsg-1ubuntu1)
Ubuntu 19.04 (Disco Dingo):released (1:4.2.8p11+dfsg-1ubuntu1)
Patches:
Upstream:http://bk.ntp.org/ntp-stable/?PAGE=cset&REV=59600eacHNF0J6NIJgOKyMHSraP_WQ
More Information

Updated: 2019-03-26 12:27:45 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)