CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4012 – Incomplete Internal State Distinction in ntpsec
https://notcve.org/view.php?id=CVE-2023-4012
ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3). • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038422 https://gitlab.com/NTPsec/ntpsec/-/issues/794 • CWE-372: Incomplete Internal State Distinction •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22212
https://notcve.org/view.php?id=CVE-2021-22212
ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not being able to use the keys as expected or the keys are shorter than expected and easier to brute-force, possibly resulting in MITM attacks between ntp clients and ntp servers. For short AES128 keys, ntpd generates a warning that it is padding them. ntpkeygen puede generar claves que ntpd no puede analizar. NTPsec versión 1.2.0 permite a ntpkeygen generar claves con caracteres "#". ntpd entonces rellena, acorta la clave, o comete un fallo al cargar estas claves por completo, dependiendo del tipo de clave y la colocación del "#". • https://bugzilla.redhat.com/show_bug.cgi?id=1955859 https://gitlab.com/NTPsec/ntpsec/-/issues/699 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22212.json https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GIT2HYL5BQXPGKI6ZDNG473IEQ5WQF2 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.1EPSS: 26%CPEs: 1EXPL: 3CVE-2019-6443 – NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)
https://notcve.org/view.php?id=CVE-2019-6443
An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd. Se ha descubierto un problema en versiones anteriores a la 1.1.3 de NTPsec. Debido a un error en ctl_getitem, hay una sobrelectura de búfer en read_sysvars en ntp_control.c en ntpd. NTPsec version 1.1.2 suffers from an out-of-bounds read vulnerability in ctl_getitem. • https://www.exploit-db.com/exploits/46175 https://dumpco.re/blog/ntpsec-bugs https://dumpco.re/bugs/ntpsec-oobread1 https://github.com/ntpsec/ntpsec/blob/NTPsec_1_1_3/NEWS • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 26%CPEs: 1EXPL: 3CVE-2019-6444 – NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)
https://notcve.org/view.php?id=CVE-2019-6444
An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd. Se ha descubierto un problema en versiones anteriores a la 1.1.3 de NTPsec. process_control() en ntp_control.c tiene una sobrelectura de búfer basada en pila debido a que los datos controlados por el atacante son desreferenciados por ntohl() en ntpd. NTPsec version 1.1.2 suffers from an out-of-bounds read vulnerability in ntp_control. • https://www.exploit-db.com/exploits/46176 https://dumpco.re/blog/ntpsec-bugs https://dumpco.re/bugs/ntpsec-oobread2 https://github.com/ntpsec/ntpsec/blob/NTPsec_1_1_3/NEWS • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 21%CPEs: 1EXPL: 3CVE-2019-6445 – NTPsec 1.1.2 - 'ntp_control' (Authenticated) NULL Pointer Dereference (PoC)
https://notcve.org/view.php?id=CVE-2019-6445
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem. Se ha descubierto un problema en versiones anteriores a la 1.1.3 de NTPsec. Un atacante autenticado puede provocar una desreferencia de puntero NULL y el cierre inesperado de ntpd en ntp_control.c, relacionado con ctl_getitem. NTPsec version 1.1.2 suffer from a null pointer dereference vulnerability in ntp_control. • https://www.exploit-db.com/exploits/46177 https://dumpco.re/blog/ntpsec-bugs https://dumpco.re/bugs/ntpsec-authed-npe https://github.com/ntpsec/ntpsec/blob/NTPsec_1_1_3/NEWS • CWE-476: NULL Pointer Dereference •