GHSA-37xq-q42p-rv3p: ntpd has Dependency on Vulnerable Third-Party Component
During startup, an attacker who can man-in-the-middle traffic to and from NTS key exchange servers can trigger a very expensive key validation process because of a vulnerability in webpki.
References
- github.com/advisories/GHSA-37xq-q42p-rv3p
- github.com/pendulum-project/ntpd-rs
- github.com/pendulum-project/ntpd-rs/commit/927952a440176a18f3ded132eb831ae7f7ac5c00
- github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-37xq-q42p-rv3p
- github.com/rustsec/advisory-db/blob/main/crates/rustls-webpki/RUSTSEC-2023-0053.md