Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ntpd-rs affected by excessive CPU load from malformed packets
Vulnerability Description
ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases (2-4 times above normal) in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more effort for the server to respond to by requesting a large number of cookies. This can lead to degraded server performance even when a server could otherwise handle the load. This vulnerability is fixed in 1.7.1.
CVSS Information
N/A
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
ntpd-rs 安全漏洞
Vulnerability Description
ntpd-rs是Project Pendulum开源的一款用于同步计算机时钟的工具,可实现 NTP 和 NTS 协议。 ntpd-rs 1.7.1之前版本存在安全漏洞,该漏洞源于当服务器启用NTS时,攻击者可以创建畸形的NTS数据包,可能导致服务器CPU使用率增加和性能下降。
CVSS Information
N/A
Vulnerability Type
N/A