CVE-2018-12327

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-12327
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12327.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-12327
Related
Published
2018-06-20T14:29:00Z
Modified
2024-08-01T08:14:19.537611Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.

References

Affected packages

Debian:11 / ntp

Package

Name
ntp
Purl
pkg:deb/debian/ntp?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:4.*

1:4.2.8p15+dfsg-1
1:4.2.8p15+dfsg-2~1.2.1+dfsg1-7+hurd.1
1:4.2.8p15+dfsg-2~1.2.1+dfsg1-8+hurd.1
1:4.2.8p15+dfsg-2~1.2.2+dfsg1-2+hurd.1

Ecosystem specific

{
    "urgency": "unimportant"
}