CVE-2019-6445
MEDIUMntpsec < 1.1.3 - Authenticated Denial of Service via NULL Pointer Dereference in ntp_control.c
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2019-6445. PoCs published by Magnus Klaaborg Stubman.
AI-analyzed exploit summary This PoC exploits a NULL pointer exception in ntpsec by sending a malformed UDP packet to trigger a crash. It targets versions 1.1.0 to 1.1.2 and requires authentication with Keyid 1 and password 'gurka'.
Description
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Magnus Klaaborg Stubman · pythondoslinux
https://www.exploit-db.com/exploits/46177
This PoC exploits a NULL pointer exception in ntpsec by sending a malformed UDP packet to trigger a crash. It targets versions 1.1.0 to 1.1.2 and requires authentication with Keyid 1 and password 'gurka'.
Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target:
ntpsec 1.1.0, 1.1.1, 1.1.2
Auth required
Prerequisites:
Network access to the NTP server · Valid authentication credentials (Keyid 1, password 'gurka')
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (4)
Core 4
Core References
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/46177/
Exploit, Third Party Advisory x_refsource_misc
https://dumpco.re/blog/ntpsec-bugs
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/ntpsec/ntpsec/blob/NTPsec_1_1_3/NEWS
Exploit, Third Party Advisory x_refsource_misc
https://dumpco.re/bugs/ntpsec-authed-npe
Scores
CVSS v3
6.5
EPSS
0.1408
EPSS Percentile
96.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (1)
ntpsec/ntpsec
< 1.1.3
Published
Jan 16, 2019
Tracked Since
Feb 18, 2026