← back
CVE-2019-6442

CVE-2019-6442

EPSS 13.7%
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/46178/unverifiedexploitdbwww.exploit-db.com/exploits/46178unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://dumpco.re/blog/ntpsec-bugshttps://dumpco.re/bugs/ntpsec-authed-oobwritehttps://github.com/ntpsec/ntpsec/blob/NTPsec_1_1_3/NEWShttps://www.exploit-db.com/exploits/46178/