CVE-2019-6444

An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because…

mitre·CWE-125·Published 2019-01-16

CVSS

—

EPSS

0.46

KEV

Exploits

cve.orgen

186 chars

An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.

NVDen

186 chars

An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.

NVDes

250 chars

Se ha descubierto un problema en versiones anteriores a la 1.1.3 de NTPsec. process_control() en ntp_control.c tiene una sobrelectura de búfer basada en pila debido a que los datos controlados por el atacante son desreferenciados por ntohl() en ntpd.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.4	10.0	4.9	AV:N/AC:L/Au:N/C:P/I:N/A:P
3.0	Primary	NVD	9.1	3.9	5.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H