High severity7.5OSV Advisory· Published Jun 28, 2024· Updated Apr 15, 2026
CVE-2024-38528
CVE-2024-38528
Description
nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. This vulnerability has been patched in version 1.1.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ntpdcrates.io | >= 0.3.1, < 1.1.3 | 1.1.3 |
Affected products
7- Range: v0.3.1, v0.3.2, v0.3.3, …
- ghsa-coords6 versionspkg:cargo/ntpdpkg:rpm/opensuse/ntpd-rs&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/ntpd-rs&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/ntpd-rs&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ntpd-rs&distro=SUSE%20Package%20Hub%2015%20SP5pkg:rpm/suse/ntpd-rs&distro=SUSE%20Package%20Hub%2015%20SP6
>= 0.3.1, < 1.1.3+ 5 more
- (no CPE)range: >= 0.3.1, < 1.1.3
- (no CPE)range: < 1.2.3-bp155.2.1
- (no CPE)range: < 1.2.3-bp156.2.1
- (no CPE)range: < 1.2.0-1.1
- (no CPE)range: < 1.2.3-bp155.2.1
- (no CPE)range: < 1.2.3-bp156.2.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.