Unauthenticated Remote Attackers Can Crash ntpd-rs with NTS-KE Configuration
CVE-2024-38528

7.5HIGH

Key Information:

Vendor: Pendulum-project
Status: Ntpd-rs
Vendor: CVE Published:; 28 June 2024

🔔 Create Pendulum-project Vulnerability Alert

What is CVE-2024-38528?

The ntpd-rs tool, developed by the Pendulum Project for synchronizing computer clocks via NTP and NTS protocols, is impacted by a vulnerability related to NTS-KE connections. A lack of imposed limits on accepted NTS-KE connections permits an unauthenticated remote attacker to potentially crash the ntpd-rs service when a vulnerable NTS-KE server is in use. However, configurations that do not utilize NTS-KE, such as the default settings of ntpd-rs, remain unaffected. This issue has been resolved in version 1.1.3 of the software.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ntpd-rs >= 0.3.1, <= 1.1.2

References

https://github.com/pendulum-project/ntpd-rs/security/advi...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 28, 2024
Vulnerability Reserved
Jun 18, 2024

JSON

Pendulum-project

What is CVE-2024-38528?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.