CVE-2019-6442
Published 2019-01-16
CVE-2019-6442: An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to…
Priority P345 | medium | 6.5 CVSS 3.0
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
EXPLOIT
EPSS: 13.71% (96.0th percentile)
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ntpsec | < ntpsec 1.1.3+dfsg1-1 (bookworm) | ntpsec 1.1.3+dfsg1-1 (bookworm) |
| chrome_chrome | — | — | |
| ntpsec | ntpsec | < 1.1.3 | 1.1.3 |
| ntpsec | ntpsec | >= 0 < 1.1.3+dfsg1-1 | 1.1.3+dfsg1-1 |
| ntpsec | ntpsec | >= 0 < 1.1.3+dfsg1-1 | 1.1.3+dfsg1-1 |
| ntpsec | ntpsec | >= 0 < 1.1.3+dfsg1-1 | 1.1.3+dfsg1-1 |
| ntpsec | ntpsec | >= 0 < 1.1.3+dfsg1-1 | 1.1.3+dfsg1-1 |
CVSS provenance
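| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |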
Chrome
Stable Channel Update for Desktop: CVE-2020-6441
vendor_chrome·2020-04-07·CVSS 4.3
CVE-2020-6441 [LOW] Stable Channel Update for Desktop: CVE-2020-6441
Stable Channel Update for Desktop
CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by David Erceg on 2019-05-04
[$500][ 1013906 ] Low CVE-2020-6442: Inappropriate implementation in cache
Reported by B@rMey on 2019-10-12
Severity: low
Debian
CVE-2019-6442: ntpsec - An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can wr...
vendor_debian·2019·CVSS 6.5
CVE-2019-6442 [MEDIUM] CVE-2019-6442: ntpsec - An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can wr...
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.
Scope: local
bookworm: resolved (fixed in 1.1.3+dfsg1-1)
bullseye: resolved (fixed in 1.1.3+dfsg1-1)
forky: resolved (fixed in 1.1.3+dfsg1-1)
sid: resolved (fixed in 1.1.3+dfsg1-1)
trixie: resolved (fixed in 1.1.3+dfsg1-1)
GHSA
GHSA-x553-v9rp-pgh7: An issue was discovered in NTPsec before 1
ghsa_unreviewed·2022-05-14
CVE-2019-6442 [MEDIUM] CWE-787 GHSA-x553-v9rp-pgh7: An issue was discovered in NTPsec before 1
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.
OSV
CVE-2019-6442: An issue was discovered in NTPsec before 1
osv·2019-01-16·CVSS 6.5
CVE-2019-6442 [MEDIUM] CVE-2019-6442: An issue was discovered in NTPsec before 1
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.
No detection rules found.
No writeups or analysis indexed.
https://dumpco.re/blog/ntpsec-bugs
https://dumpco.re/bugs/ntpsec-authed-oobwrite
https://github.com/ntpsec/ntpsec/blob/NTPsec_1_1_3/NEWS
https://www.exploit-db.com/exploits/46178/
Published: 2019-01-16