rpm package
opensuse/ntpsec&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/ntpsec&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-22212 | — | < 1.2.1-1.2 | 1.2.1-1.2 | Jun 8, 2021 | ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the adm | ||
| CVE-2019-6445 | — | < 1.2.1-1.2 | 1.2.1-1.2 | Jan 16, 2019 | An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem. | ||
| CVE-2019-6443 | — | < 1.2.1-1.2 | 1.2.1-1.2 | Jan 16, 2019 | An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd. | ||
| CVE-2019-6442 | — | < 1.2.1-1.2 | 1.2.1-1.2 | Jan 16, 2019 | An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y. | ||
| CVE-2018-7182 | — | < 1.2.1-1.2 | 1.2.1-1.2 | Mar 6, 2018 | The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. |
- CVE-2021-22212Jun 8, 2021affected < 1.2.1-1.2fixed 1.2.1-1.2
ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the adm
- CVE-2019-6445Jan 16, 2019affected < 1.2.1-1.2fixed 1.2.1-1.2
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.
- CVE-2019-6443Jan 16, 2019affected < 1.2.1-1.2fixed 1.2.1-1.2
An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.
- CVE-2019-6442Jan 16, 2019affected < 1.2.1-1.2fixed 1.2.1-1.2
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.
- CVE-2018-7182Mar 6, 2018affected < 1.2.1-1.2fixed 1.2.1-1.2
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.