GHSA-37XQ-Q42P-RV3P ntpd has Dependency on Vulnerable Third-Party Component

During startup, an attacker that can man-in-the-middle traffic to and from NTS key exchange servers can trigger a very expensive key validation process due to a vulnerability in webpki. Impact This vulnerability can lead to excessive cpu usage on startup on clients configured to use NTS Patches...

PT-2023-32968 · Unknown · Rustls-Webpki

Name of the Vulnerable Software and Affected Versions: rustls-webpki versions prior to 0.3.7 Description: The issue arises during startup when an attacker can intercept traffic to and from NTS key exchange servers, triggering an expensive key validation process due to a vulnerability in webpki...

OpenDataSH_twitter_notifier (>=0.1.0 <=0.1.2), a2 (>=0.2.0 <=0.6.2) +3004 more potentially affected by CVE-2018-16875 via webpki (>=0.18.1 <=0.21.4)

webpki CARGO version =0.18.1, =0.1.0, =0.2.0, =0.1.0, =0.2.0-beta.4, =0.1.1, =0.0.1, =0.0.7-alpha.3, =0.0.7-alpha.2, =0.0.7-alpha.1, =0.0.7-alpha.3, =1.0.0, =0.1.0, =0.8.0, =0.1.0, =0.2.2, =2.0.0-alpha.4 and more Source cves: CVE-2018-16875 Source advisory: OSV:RUSTSEC-2023-0052...