CVE-2019-6442

MEDIUM

ntpsec < 1.1.3 - Authenticated Out-of-bounds Write via Malformed Config Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-6442. PoCs published by Magnus Klaaborg Stubman.

AI-analyzed exploit summary This exploit triggers an authenticated out-of-bounds write in ntpsec 1.1.2, leading to a denial-of-service (DoS) condition. It sends a malformed UDP packet to the NTP service on port 123, exploiting a vulnerability in authenticated packet handling.

Description

An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Magnus Klaaborg Stubman · pythondoslinux
https://www.exploit-db.com/exploits/46178

This exploit triggers an authenticated out-of-bounds write in ntpsec 1.1.2, leading to a denial-of-service (DoS) condition. It sends a malformed UDP packet to the NTP service on port 123, exploiting a vulnerability in authenticated packet handling.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: ntpsec versions prior to 1.1.2
Auth required
Prerequisites: Network access to the target NTP service · Authentication credentials (Keyid 1 with password 'gurka')
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46178/
Exploit, Third Party Advisory x_refsource_misc
https://dumpco.re/bugs/ntpsec-authed-oobwrite
Exploit, Third Party Advisory x_refsource_misc
https://dumpco.re/blog/ntpsec-bugs

Scores

CVSS v3 6.5
EPSS 0.1371
EPSS Percentile 96.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-787
Status published
Products (1)
ntpsec/ntpsec < 1.1.3
Published Jan 16, 2019
Tracked Since Feb 18, 2026