CVE-2024-38528
published 2024-06-28

Priority: P346, high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.72% (49.2th percentile)

ntpd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non-NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. This vulnerability has been patched in version 1.1.3.

Affected

3 ranges
Vendor | Product | Version range | Fixed in
dave_mills | ntpd | >= 0.3.1 < 1.1.3 | 1.1.3
debian | rust-ntpd | < rust-ntpd 1.1.3-1 (forky) | rust-ntpd 1.1.3-1 (forky)
pendulum-project | ntpd-rs | |

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv | | 7.5 | HIGH |
vendor_debian | | 7.5 | HIGH |