CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2018-12327

CVSS 9.8v3.0pub. 2018-06-20upd. 2024-11-21

Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ntp

    APP
    Ntp
    4.2.8
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2018-7183CRITICAL9.8ten sam produkt

Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to e...

CVE-2015-7871CRITICAL9.8ten sam produkt

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to byp...

CVE-2015-7705CRITICAL9.8ten sam produkt

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have un...

CVE-2015-7853CRITICAL9.8ten sam produkt

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remot...

CVE-2020-13817HIGH7.4ten sam produkt

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (dae...

CVE-2018-12327 β€” Ntp β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl