Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-6442 — Out-of-bounds Write in Ntpsec

CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

10.2%

top 6.84%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Ntpsec Debian Ntpsec Google Chrome Chrome

Timeline

PublishedJan 16

Latest updateMay 14

Description

An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDntpsec/ntpsec< 1.1.3

▶debiandebian/ntpsec< ntpsec 1.1.3+dfsg1-1 (bookworm)

▶Debianntpsec/ntpsec< 1.1.3+dfsg1-1+3

▶googlegoogle/chrome_chrome

🔴Vulnerability Details

GHSA

GHSA-x553-v9rp-pgh7: An issue was discovered in NTPsec before 1↗2022-05-14

▶

OSV

CVE-2019-6442: An issue was discovered in NTPsec before 1↗2019-01-16

▶

💥Exploits & PoCs

Exploit-DB

NTPsec 1.1.2 - 'config' (Authenticated) Out-of-Bounds Write Denial of Service (PoC)↗2019-01-16

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2020-6441↗2020-04-07

▶

Debian

CVE-2019-6442: ntpsec - An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can wr...↗2019

▶