VulnerableCode Package Details - pkg:apk/alpine/ntpsec@1.2.1-r0?arch=aarch64&distroversion=v3.14&reponame=community

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apk/alpine/ntpsec@1.2.1-r0?arch=aarch64&distroversion=v3.14&reponame=community

purl	pkg:apk/alpine/ntpsec@1.2.1-r0?arch=aarch64&distroversion=v3.14&reponame=community

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-278f-qdgu-2bbe	ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not being able to use the keys as expected or the keys are shorter than expected and easier to brute-force, possibly resulting in MITM attacks between ntp clients and ntp servers. For short AES128 keys, ntpd generates a warning that it is padding them.	CVE-2021-22212

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T19:34:00.341114+00:00	Alpine Linux Importer	Fixing	VCID-278f-qdgu-2bbe	https://secdb.alpinelinux.org/v3.14/community.json	38.0.0