An issue exists in NTPsec prior to 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.
Debian Bug report logs -
#919513
CVE-2019-6442 CVE-2019-6443 CVE-2019-6444 CVE-2019-6445
Package:
src:ntpsec;
Maintainer for src:ntpsec is Richard Laager <rlaager@wiktelcom>;
Reported by: Moritz Muehlenhoff <jmm@debianorg>
Date: Wed, 16 Jan 2019 19:24:02 UTC
Severity: grave
Tags: security
Found in version ntpsec/1 ...