vulnerability
Ubuntu: (CVE-2019-6442): ntpsec vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:N/A:P) | Jan 16, 2019 | Nov 19, 2024 | Aug 18, 2025 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Published
Jan 16, 2019
Added
Nov 19, 2024
Modified
Aug 18, 2025
Description
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.
Solution
ubuntu-upgrade-ntpsec
References
- CVE-2019-6442
- https://attackerkb.com/topics/CVE-2019-6442
- CWE-787
- URL-https://dumpco.re/blog/ntpsec-bugs
- URL-https://dumpco.re/bugs/ntpsec-authed-oobwrite
- URL-https://github.com/ntpsec/ntpsec/blob/NTPsec_1_1_3/NEWS
- URL-https://www.cve.org/CVERecord?id=CVE-2019-6442
- URL-https://www.exploit-db.com/exploits/46178/
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.