Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities by tweedegolf

    CVE-2026-26076 (GCVE-0-2026-26076)

    Vulnerability from nvd – Published: 2026-02-12 21:48 – Updated: 2026-02-13 16:00
    VLAI
    Title
    ntpd-rs affected by excessive CPU load from malformed packets
    Summary
    ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases (2-4 times above normal) in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more effort for the server to respond to by requesting a large number of cookies. This can lead to degraded server performance even when a server could otherwise handle the load. This vulnerability is fixed in 1.7.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    pendulum-project ntpd-rs Affected: < 1.7.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26076",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T15:59:59.828414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T16:00:13.690Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ntpd-rs",
              "vendor": "pendulum-project",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases (2-4 times above normal) in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more effort for the server to respond to by requesting a large number of cookies. This can lead to degraded server performance even when a server could otherwise handle the load. This vulnerability is fixed in 1.7.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-12T21:48:44.651Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-c7j7-rmvr-fjmv",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-c7j7-rmvr-fjmv"
            },
            {
              "name": "https://github.com/pendulum-project/ntpd-rs/commit/fa73af14d17b666b1142b9fee3ba22c18a841d24",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pendulum-project/ntpd-rs/commit/fa73af14d17b666b1142b9fee3ba22c18a841d24"
            },
            {
              "name": "https://github.com/pendulum-project/ntpd-rs/releases/tag/v1.7.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pendulum-project/ntpd-rs/releases/tag/v1.7.1"
            }
          ],
          "source": {
            "advisory": "GHSA-c7j7-rmvr-fjmv",
            "discovery": "UNKNOWN"
          },
          "title": "ntpd-rs affected by excessive CPU load from malformed packets"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-26076",
        "datePublished": "2026-02-12T21:48:44.651Z",
        "dateReserved": "2026-02-10T18:01:31.901Z",
        "dateUpdated": "2026-02-13T16:00:13.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-33192 (GCVE-0-2023-33192)

    Vulnerability from nvd – Published: 2023-05-27 03:53 – Updated: 2025-01-14 18:20
    VLAI
    Title
    Improper handling of NTS cookie length that could crash the ntpd-rs server
    Summary
    ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS packets. The issue was caused by improper slice indexing. The indexing operations were replaced by safer alternatives that do not crash the ntpd-rs server process but instead properly handle the error condition. A patch was released in version 0.3.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-130 - Improper Handling of Length Parameter Inconsistency
    Assigner
    References
    Impacted products
    Vendor Product Version
    pendulum-project ntpd-rs Affected: >= 0.3.0, < 0.3.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.717Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-qwhm-h7v3-mrjx",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-qwhm-h7v3-mrjx"
              },
              {
                "name": "https://github.com/pendulum-project/ntpd-rs/pull/752",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pendulum-project/ntpd-rs/pull/752"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33192",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T18:20:35.734868Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T18:20:44.928Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ntpd-rs",
              "vendor": "pendulum-project",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.3.0, \u003c 0.3.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS packets. The issue was caused by improper slice indexing. The indexing operations were replaced by safer alternatives that do not crash the ntpd-rs server process but instead properly handle the error condition. A patch was released in version 0.3.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-130",
                  "description": "CWE-130: Improper Handling of Length Parameter Inconsistency",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-27T03:53:34.506Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-qwhm-h7v3-mrjx",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-qwhm-h7v3-mrjx"
            },
            {
              "name": "https://github.com/pendulum-project/ntpd-rs/pull/752",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pendulum-project/ntpd-rs/pull/752"
            }
          ],
          "source": {
            "advisory": "GHSA-qwhm-h7v3-mrjx",
            "discovery": "UNKNOWN"
          },
          "title": "Improper handling of NTS cookie length that could crash the ntpd-rs server"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-33192",
        "datePublished": "2023-05-27T03:53:34.506Z",
        "dateReserved": "2023-05-17T22:25:50.699Z",
        "dateUpdated": "2025-01-14T18:20:44.928Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-26076 (GCVE-0-2026-26076)

    Vulnerability from cvelistv5 – Published: 2026-02-12 21:48 – Updated: 2026-02-13 16:00
    VLAI
    Title
    ntpd-rs affected by excessive CPU load from malformed packets
    Summary
    ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases (2-4 times above normal) in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more effort for the server to respond to by requesting a large number of cookies. This can lead to degraded server performance even when a server could otherwise handle the load. This vulnerability is fixed in 1.7.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    pendulum-project ntpd-rs Affected: < 1.7.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26076",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T15:59:59.828414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T16:00:13.690Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ntpd-rs",
              "vendor": "pendulum-project",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases (2-4 times above normal) in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more effort for the server to respond to by requesting a large number of cookies. This can lead to degraded server performance even when a server could otherwise handle the load. This vulnerability is fixed in 1.7.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-12T21:48:44.651Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-c7j7-rmvr-fjmv",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-c7j7-rmvr-fjmv"
            },
            {
              "name": "https://github.com/pendulum-project/ntpd-rs/commit/fa73af14d17b666b1142b9fee3ba22c18a841d24",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pendulum-project/ntpd-rs/commit/fa73af14d17b666b1142b9fee3ba22c18a841d24"
            },
            {
              "name": "https://github.com/pendulum-project/ntpd-rs/releases/tag/v1.7.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pendulum-project/ntpd-rs/releases/tag/v1.7.1"
            }
          ],
          "source": {
            "advisory": "GHSA-c7j7-rmvr-fjmv",
            "discovery": "UNKNOWN"
          },
          "title": "ntpd-rs affected by excessive CPU load from malformed packets"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-26076",
        "datePublished": "2026-02-12T21:48:44.651Z",
        "dateReserved": "2026-02-10T18:01:31.901Z",
        "dateUpdated": "2026-02-13T16:00:13.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-33192 (GCVE-0-2023-33192)

    Vulnerability from cvelistv5 – Published: 2023-05-27 03:53 – Updated: 2025-01-14 18:20
    VLAI
    Title
    Improper handling of NTS cookie length that could crash the ntpd-rs server
    Summary
    ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS packets. The issue was caused by improper slice indexing. The indexing operations were replaced by safer alternatives that do not crash the ntpd-rs server process but instead properly handle the error condition. A patch was released in version 0.3.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-130 - Improper Handling of Length Parameter Inconsistency
    Assigner
    References
    Impacted products
    Vendor Product Version
    pendulum-project ntpd-rs Affected: >= 0.3.0, < 0.3.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.717Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-qwhm-h7v3-mrjx",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-qwhm-h7v3-mrjx"
              },
              {
                "name": "https://github.com/pendulum-project/ntpd-rs/pull/752",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/pendulum-project/ntpd-rs/pull/752"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33192",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T18:20:35.734868Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T18:20:44.928Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ntpd-rs",
              "vendor": "pendulum-project",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.3.0, \u003c 0.3.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS packets. The issue was caused by improper slice indexing. The indexing operations were replaced by safer alternatives that do not crash the ntpd-rs server process but instead properly handle the error condition. A patch was released in version 0.3.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-130",
                  "description": "CWE-130: Improper Handling of Length Parameter Inconsistency",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-27T03:53:34.506Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-qwhm-h7v3-mrjx",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-qwhm-h7v3-mrjx"
            },
            {
              "name": "https://github.com/pendulum-project/ntpd-rs/pull/752",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/pendulum-project/ntpd-rs/pull/752"
            }
          ],
          "source": {
            "advisory": "GHSA-qwhm-h7v3-mrjx",
            "discovery": "UNKNOWN"
          },
          "title": "Improper handling of NTS cookie length that could crash the ntpd-rs server"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-33192",
        "datePublished": "2023-05-27T03:53:34.506Z",
        "dateReserved": "2023-05-17T22:25:50.699Z",
        "dateUpdated": "2025-01-14T18:20:44.928Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }