Is ntpd affected by CVE-2024-38528?

crates.io ntpd is affected in >=0.3.1 <1.1.3.

Is CVE-2024-38528 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.7%.

high

CVE-2024-38528

Q: Is CVE-2024-38528 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.7%.

crates.io · ntpd

Summary

Unlimited number of NTS-KE connections can crash ntpd-rs server

Severity: high
EPSS: 0.7% (p49)
Also known as: GHSA-2xpx-vcmq-5f72
Published: 2024-06-28

References

https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-2xpx-vcmq-5f72
https://nvd.nist.gov/vuln/detail/CVE-2024-38528
https://github.com/pendulum-project/ntpd-rs/commit/6049687006ea5b26eeac927964b5fcc80d7bde50

Related advisories

CVE-2023-33192 — high · crates.io/ntpd
GHSA-v83q-83hj-rw38 — medium · crates.io/ntpd

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.