Pendulum-Project Ntpd-Rs vulnerabilities

CVE-2026-26076 [MEDIUM] CWE-770 CVE-2026-26076: ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases (2-4 times above normal) in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more effort for the server to respond to by requesting a la

CVE-2025-58066 [MEDIUM] CWE-406 CVE-2025-58066: nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. I nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive servers which allow non-NTS traffic are affected by a denial of service vulnerability, where an attacker can induce a message storm between two NTP servers running ntpd-rs. Client-only configurations are no

CVE-2024-38528 [HIGH] CWE-770 CVE-2024-38528: nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. T nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Th

CVE-2023-33192 [HIGH] CWE-130 CVE-2023-33192: ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookie ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS packets. The is