Vulnerability Database

296,147

Total vulnerabilities in the database

ntpd has Dependency on Vulnerable Third-Party Component

During startup, an attacker that can man-in-the-middle traffic to and from NTS key exchange servers can trigger a very expensive key validation process due to a vulnerability in webpki.

Impact

This vulnerability can lead to excessive cpu usage on startup on clients configured to use NTS

Patches

Affected users are recommended to upgrade to version 0.3.7

References

See also https://github.com/rustsec/advisory-db/blob/main/crates/rustls-webpki/RUSTSEC-2023-0053.md

Published: Aug 24, 2023
Updated: Aug 25, 2023
GHSA: GHSA-37xq-q42p-rv3p
Severity: Low
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

CWEs:

CWE-1395

Affected Software
References

Software	From	Fixed in
ntpd	-	0.3.7