2391941 – (CVE-2025-58066) CVE-2025-58066 ntpd-rs: DoS Vulnerability in ntpd-rs

Bug 2391941 (CVE-2025-58066) - CVE-2025-58066 ntpd-rs: DoS Vulnerability in ntpd-rs

Summary: CVE-2025-58066 ntpd-rs: DoS Vulnerability in ntpd-rs

Keywords:
Status:	NEW
Alias:	CVE-2025-58066
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2391951 2391952
Blocks:
TreeView+	depends on / blocked

Reported:	2025-08-29 21:01 UTC by OSIDB Bzimport
Modified:	2025-08-29 21:07 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-08-29 21:01:19 UTC

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive servers which allow non-NTS traffic are affected by a denial of service vulnerability, where an attacker can induce a message storm between two NTP servers running ntpd-rs. Client-only configurations are not affected. Affected users are recommended to upgrade to version 1.6.2 as soon as possible.

Note You need to log in before you can comment on or make changes to this bug.