CVE-2019-6442

Name of the Vulnerable Software and Affected Versions NTPsec versions prior to 1.1.3

Description An issue in NTPsec allows an authenticated attacker to write one byte out of bounds in ntpd via a malformed config request. This is related to functions such as config remotely in ntp config.c, yyparse in ntp parser.tab.c, and yyerror in ntp parser.y. The vulnerability can be exploited by a remote attacker using an improperly formatted configuration request, potentially leading to a denial of service.

Recommendations For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the config request functionality to minimize the risk of exploitation.