VDB
CVE-2019-6443
CVE-2019-6443
PUBLISHED
An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.
EPSS 47.17% · 97.7th percentile
Risk Scores
EPSS Score
47.17%
97.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | ntpsec | 0, 1.0.0+dfsg1-1, * |
Exploit Intelligence
- https://dumpco.re/blog/ntpsec-bugs (nist-nvd)
- https://dumpco.re/bugs/ntpsec-oobread1 (nist-nvd)
- https://www.exploit-db.com/exploits/46175/ (nist-nvd)
- CIRCL seen: CVE-2019-6443 (circl-sighting)
- CIRCL exploited: CVE-2019-6443 (circl-sighting)
- CIRCL seen: CVE-2019-6443 (circl-sighting)
- https://github.com/ntpsec/ntpsec/blob/NTPsec_1_1_3/NEWS (circl)
- https://www.zscaler.com/resources/industry-reports/non-web-attack-surface-report.pdf (vulncheck)
- NTPsec 1.1.2 - ctl_getitem Out-of-Bounds Read Exploit (0day-today)
- NTPsec 1.1.2 - ctl_getitem Out-of-Bounds Read Exploit (0day-today)
…and 2 more exploits
Timeline
- Jan 16, 2019 PoC Published
- Jan 16, 2019 CVE Published
- Jan 17, 2019 PoC Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Nov 6, 2023 EPSS Score
- Dec 26, 2023 EPSS Score
- Jan 10, 2024 EPSS Score
- Jan 28, 2024 EPSS Score
- Feb 14, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-6443 third-party-advisory
- https://dumpco.re/blog/ntpsec-bugs third-party-advisory
- https://dumpco.re/bugs/ntpsec-oobread1 third-party-advisory
- https://github.com/ntpsec/ntpsec/blob/NTPsec_1_1_3/NEWS third-party-advisory
- https://www.exploit-db.com/exploits/46175/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-6443 third-party-advisory