CVE-2019-8936
HIGHNetapp Clustered Data Ontap < 9.2 - NULL Pointer Dereference
Title source: ruleExploitation Summary
EIP tracks 1 public exploit for CVE-2019-8936. PoCs published by snappyJack.
AI-analyzed exploit summary This PoC exploits CVE-2019-8936 by sending a malformed UDP packet to trigger a buffer overflow in the target software. The payload is crafted to manipulate memory and potentially achieve remote code execution.
Description
NTP through 4.2.8p12 has a NULL Pointer Dereference.
Exploits (1)
nomisec
WORKING POC
by snappyJack · poc
https://github.com/snappyJack/CVE-2019-8936
This PoC exploits CVE-2019-8936 by sending a malformed UDP packet to trigger a buffer overflow in the target software. The payload is crafted to manipulate memory and potentially achieve remote code execution.
Classification
Working Poc 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target:
Unknown (likely a network service vulnerable to UDP-based buffer overflow)
No auth needed
Prerequisites:
Network access to the target · Target service running on UDP port 123
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (15)
Core 15
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201903-15
Release Notes, Vendor Advisory x_refsource_misc
http://support.ntp.org/bin/view/Main/SecurityNotice
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/
Patch, Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190503-0001/
Mitigation, Third Party Advisory vendor-advisory
x_refsource_freebsd
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc
Issue Tracking, Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/May/39
Exploit, Issue Tracking, Vendor Advisory x_refsource_confirm
http://bugs.ntp.org/show_bug.cgi?id=3565
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html
Third Party Advisory x_refsource_confirm
https://support.f5.com/csp/article/K61363039
Third Party Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4563-1/
Scores
CVSS v3
7.5
EPSS
0.0573
EPSS Percentile
92.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (10)
fedoraproject/fedora
28
fedoraproject/fedora
29
fedoraproject/fedora
30
hpe/hpux-ntp
< c.4.2.8.4.0
netapp/clustered_data_ontap
< 9.2
netapp/data_ontap
ntp/ntp
4.2.8 (26 CPE variants)
ntp/ntp
< 4.2.8
opensuse/leap
15.0
opensuse/leap
42.3
Published
May 15, 2019
Tracked Since
Feb 18, 2026