VulnerableCode Package Details - pkg:deb/debian/ntpsec@1.1.3%2Bdfsg1-2%2Bdeb10u1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/ntpsec@1.1.3%2Bdfsg1-2%2Bdeb10u1

purl	pkg:deb/debian/ntpsec@1.1.3%2Bdfsg1-2%2Bdeb10u1

Next non-vulnerable version	1.2.0+dfsg1-4
Latest non-vulnerable version	1.2.0+dfsg1-4
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-278f-qdgu-2bbe Aliases: CVE-2021-22212	ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not being able to use the keys as expected or the keys are shorter than expected and easier to brute-force, possibly resulting in MITM attacks between ntp clients and ntp servers. For short AES128 keys, ntpd generates a warning that it is padding them.	1.2.0+dfsg1-4 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T22:56:53.241363+00:00	Debian Oval Importer	Affected by	VCID-278f-qdgu-2bbe	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T22:33:16.168316+00:00	Debian Oval Importer	Affected by	VCID-278f-qdgu-2bbe	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T22:08:45.458341+00:00	Debian Oval Importer	Affected by	VCID-278f-qdgu-2bbe	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0