CVE-2023-33192

ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes...

Design/Logic Flaw

ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes...

CVE-2023-33192

CVE-2023-33192 affects ntpd-rs, a Rust NTP implementation. The issue is improper handling/validation of NTS cookie length in NTP packets, allowing a specially crafted cookie to crash the ntpd-rs server (also observed when the server is not configured to handle NTS). Root cause: unsafe or faulty s...

GHSA-QWHM-H7V3-MRJX Improper handling of NTS cookie length that could crash the ntpd-rs server

Impact ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS...