Primary

Context

ntpd-rs Excessive CPU Usage Vulnerability via Malformed NTS Packets

Vulnerability

Patched

A vulnerability in ntpd-rs prior to version 1.7.1 allows attackers to remotely cause moderate increases in CPU usage, 2 to 4 times above normal levels. This issue arises when Network Time Security (NTS) is enabled, as attackers can send malformed NTS packets that require more processing effort from the server by requesting a large number of cookies. The result is degraded server performance, even under normal load conditions.

Impact

Exploiting this vulnerability leads to excessive CPU usage, causing degraded server performance.

Remediation

Users are advised to upgrade to ntpd-rs version 1.7.1, which limits the number of cookies that can be requested. Instructions for downloading this version are available on the ntpd-rs GitHub releases page.

Added: Feb 12, 2026, 10:29 PM

Updated: Feb 12, 2026, 10:29 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

9.0

remediation

7.9

relevance

3.0

threat

3.2

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

9.0

remediation

7.9

relevance

3.0

threat

3.2

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ntpd-rs Excessive CPU Usage Vulnerability via Malformed NTS Packets

Vulnerability

Impact

Remediation

Affected Products

pendulum-project ntpd-rs

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating