nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive servers which allow non-NTS traffic are affected by a denial of service vulnerability, where an attacker can induce a message storm between two NTP servers running ntpd-rs. Client-only configurations are not affected. Affected users are recommended to upgrade to version 1.6.2 as soon as possible.
History

Tue, 02 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 Aug 2025 21:00:00 +0000

Type Values Removed Values Added
Description nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive servers which allow non-NTS traffic are affected by a denial of service vulnerability, where an attacker can induce a message storm between two NTP servers running ntpd-rs. Client-only configurations are not affected. Affected users are recommended to upgrade to version 1.6.2 as soon as possible.
Title DoS Vulnerability in ntpd-rs
Weaknesses CWE-406
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-09-02T13:53:59.838Z

Reserved: 2025-08-22T14:30:32.222Z

Link: CVE-2025-58066

cve-icon Vulnrichment

Updated: 2025-09-02T13:53:56.296Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-29T21:15:36.280

Modified: 2025-09-02T15:55:35.520

Link: CVE-2025-58066

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.