crates.io package
ntpd
pkg:cargo/ntpd
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-38528 | Hig | 7.5 | >= 0.3.1, < 1.1.3 | 1.1.3 | Jun 28, 2024 | nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server conf | |
| CVE-2023-33192 | — | >= 0.3.0, < 0.3.3 | 0.3.3 | May 27, 2023 | ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The se |
- affected >= 0.3.1, < 1.1.3fixed 1.1.3
nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server conf
- CVE-2023-33192May 27, 2023affected >= 0.3.0, < 0.3.3fixed 0.3.3
ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The se