CVE-2023-33192 – CVE-2023-33192 is a denial-of-service vulnerabi... (How to Fix)

Q: What is the severity of CVE-2023-33192?

CVE-2023-33192 has a CVSS score of 7.5 (HIGH). CVE-2023-33192 is a denial-of-service vulnerability in ntpd-rs where improper validation of NTS cookie length allows attackers to crash the server with specially crafted NTP packets. The server also crashes when receiving NTS packets without proper NTS configuration. All ntpd-rs users running vulnerable versions are affected.

📋 TL;DR

CVE-2023-33192 is a denial-of-service vulnerability in ntpd-rs where improper validation of NTS cookie length allows attackers to crash the server with specially crafted NTP packets. The server also crashes when receiving NTS packets without proper NTS configuration. All ntpd-rs users running vulnerable versions are affected.

💻 Affected Systems

Products:

ntpd-rs

Versions: Versions before 0.3.3

Operating Systems: All operating systems running ntpd-rs

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerable regardless of NTS configuration - server crashes even when not configured for NTS

📦 What is this software?

Ntpd Rs by Tweedegolf

View all CVEs affecting Ntpd Rs →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete NTP service disruption causing time synchronization failures across dependent systems and services

🟠

Likely Case

NTP service crashes requiring manual restart, causing temporary time synchronization issues

🟢

If Mitigated

Minimal impact with proper error handling and monitoring in patched versions

🌐 Internet-Facing: HIGH - NTP servers are typically internet-facing and accept packets from untrusted sources

🏢 Internal Only: MEDIUM - Internal attackers could still exploit, but attack surface is reduced

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple packet crafting required, no authentication needed, making exploitation trivial

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.3.3

Vendor Advisory: https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-qwhm-h7v3-mrjx

Restart Required: Yes

Instructions:

1. Stop ntpd-rs service. 2. Update to version 0.3.3 or later using package manager or source compilation. 3. Restart ntpd-rs service.

🔧 Temporary Workarounds

Network filtering

all

Block NTP packets with NTS extensions at network perimeter

Disable NTS support

all

Configure ntpd-rs to reject NTS packets entirely

Edit ntpd-rs configuration to remove NTS keys and disable NTS server functionality

🧯 If You Can't Patch

Implement network ACLs to restrict NTP traffic to trusted sources only
Deploy monitoring and automated restart scripts for ntpd-rs service

🔍 How to Verify

Check if Vulnerable:

Check ntpd-rs version: if version < 0.3.3, system is vulnerable

Check Version:

ntp-daemon --version or check package manager (apt list ntpd-rs, yum list ntpd-rs, etc.)

Verify Fix Applied:

Confirm ntpd-rs version is 0.3.3 or later and service is running without crashes

📡 Detection & Monitoring

Log Indicators:

ntpd-rs process crashes
segmentation fault errors in system logs
NTP service restart messages

Network Indicators:

Unusual NTP packets with malformed NTS extensions
NTP packets with short cookie fields

SIEM Query:

source="ntpd-rs" AND ("segmentation fault" OR "panic" OR "crash")

📊 Metadata

CVE ID: CVE-2023-33192

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-130

Published: May 27, 2023

Last Updated: November 21, 2024

🔗 References

https://github.com/pendulum-project/ntpd-rs/pull/752 Patch
https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-qwhm-h7v3-mrjx Mitigation,Vendor Advisory
https://github.com/pendulum-project/ntpd-rs/pull/752 Patch
https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-qwhm-h7v3-mrjx Mitigation,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-33192, you might also want to check these: