CVE-2018-7182

HIGH

ntp 4.2.8p6-4.2.8p10 - Denial of Service via Crafted Mode 6 Packet

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-7182. PoCs published by Magnus Klaaborg Stubman.

AI-analyzed exploit summary This PoC exploits an out-of-bounds read vulnerability in ntpd 4.2.8p6-4.2.8p10 by sending a malformed UDP packet to trigger a crash detectable under memory sanitizers like ASan or Valgrind.

Description

The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.

Exploits (1)

exploitdb WORKING POC

by Magnus Klaaborg Stubman · pythonlocallinux

https://www.exploit-db.com/exploits/45846

View Code ZIP pw:eip

This PoC exploits an out-of-bounds read vulnerability in ntpd 4.2.8p6-4.2.8p10 by sending a malformed UDP packet to trigger a crash detectable under memory sanitizers like ASan or Valgrind.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: ntpd 4.2.8p6 - 4.2.8p10

No auth needed

Prerequisites: Network access to the target's NTP service (UDP port 123)

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11

Core References

Vendor Advisory x_refsource_confirm

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201805-12

Patch, Third Party Advisory vendor-advisory x_refsource_freebsd

https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20180626-0001/

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/541824/100/0/threaded

Mitigation, Vendor Advisory x_refsource_confirm

http://support.ntp.org/bin/view/Main/NtpBug3412

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3707-1/

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45846/

Third Party Advisory x_refsource_confirm

https://www.synology.com/support/security/Synology_SA_18_13

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/103191

Scores

CVSS v3 7.5

EPSS 0.2985

EPSS Percentile 98.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-125

Status published

Products (4)

canonical/ubuntu_linux 17.10

canonical/ubuntu_linux 18.04

netapp/element_software

ntp/ntp 4.2.8 p10 (5 CPE variants)

Published Mar 06, 2018

Tracked Since Feb 18, 2026