Incomplete Internal State Distinction in ntpsec
CVE-2023-4012
7.5HIGH
What is CVE-2023-4012?
An issue has been identified in NTPsec where the NTPD server crashes upon receiving a request from a client that is NTS-enabled, when the server itself is not configured for NTS (has no certificate). This vulnerability can be exploited in scenarios where an NTS-enabled client attempts to communicate with a non-NTS server, leading to a server crash and potential service disruption.
Affected Version(s)
ntpsec 1.2.2
