An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntpcontrol.c, related to ctlgetitem.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "ntpsec", "binary_version": "1.1.0+dfsg1-1ubuntu0.2" }, { "binary_name": "ntpsec-dbgsym", "binary_version": "1.1.0+dfsg1-1ubuntu0.2" }, { "binary_name": "ntpsec-doc", "binary_version": "1.1.0+dfsg1-1ubuntu0.2" }, { "binary_name": "ntpsec-ntpdate", "binary_version": "1.1.0+dfsg1-1ubuntu0.2" }, { "binary_name": "ntpsec-ntpviz", "binary_version": "1.1.0+dfsg1-1ubuntu0.2" }, { "binary_name": "python3-ntp", "binary_version": "1.1.0+dfsg1-1ubuntu0.2" }, { "binary_name": "python3-ntp-dbgsym", "binary_version": "1.1.0+dfsg1-1ubuntu0.2" } ] }