An issue exists in NTPsec prior to 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.
Debian Bug report logs -
#919513
CVE-2019-6442 CVE-2019-6443 CVE-2019-6444 CVE-2019-6445
Package:
src:ntpsec;
Maintainer for src:ntpsec is Richard Laager <rlaager@wiktelcom>;
Reported by: Moritz Muehlenhoff <jmm@debianorg>
Date: Wed, 16 Jan 2019 19:24:02 UTC
Severity: grave
Tags: security
Found in version ntpsec/1 ...