Home

Description

ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3).

PUBLISHED Reserved 2023-07-31 | Published 2023-08-07 | Updated 2026-06-21 | Assigner GitLab




HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-372: Incomplete Internal State Distinction

Product status

Default status
unaffected

1.2.2
affected

Credits

R.L. Nicholas finder

References

gitlab.com/NTPsec/ntpsec/-/issues/794 (GitLab Issue #794) issue-tracking

bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038422

gitlab.com/NTPsec/ntpsec/-/issues/794 (GitLab Issue #794) issue-tracking

bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038422 broken-link

cve.org (CVE-2023-4012)

nvd.nist.gov (CVE-2023-4012)

Download JSON