Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-33192
HistoryMay 27, 2023 - 4:15 a.m.

Design/Logic Flaw

2023-05-2704:15:00
PRIOn knowledge base
www.prio-n.com
3
ntpd-rs
ntp implementation
rust
nts cookies
server crash
patch
version 0.3.3
logic flaw
improper slice indexing

0.001 Low

EPSS

Percentile

47.5%

JSON

ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS packets. The issue was caused by improper slice indexing. The indexing operations were replaced by safer alternatives that do not crash the ntpd-rs server process but instead properly handle the error condition. A patch was released in version 0.3.3.

CPENameOperatorVersion
ntpd-rsge0.3.0
ntpd-rslt0.3.3

Related

osv 2
nvd 1
github 1
cve 1
cvelist 1
osv
osv
Improper handling of NTS cookie length that could crash the ntpd-rs server
2023-05-25 17:01:12
CVE-2023-33192
2023-05-27 04:15:25
nvd
nvd
CVE-2023-33192
2023-05-27 04:15:25
github
github
Improper handling of NTS cookie length that could crash the ntpd-rs server
2023-05-25 17:01:12
cve
cve
CVE-2023-33192
2023-05-27 04:15:25
cvelist
cvelist
CVE-2023-33192 Improper handling of NTS cookie length that could crash the ntpd-rs server
2023-05-27 03:53:34

0.001 Low

EPSS

Percentile

47.5%

JSON
Related for PRION:CVE-2023-33192
osv2nvd1github1cve1cvelist1