VulnerableCode Package Details - pkg:deb/debian/ntpsec@1.2.0%2Bdfsg1-4

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/ntpsec@1.2.0%2Bdfsg1-4

Essentials
History (3)

purl	pkg:deb/debian/ntpsec@1.2.0%2Bdfsg1-4

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-278f-qdgu-2bbe	ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not being able to use the keys as expected or the keys are shorter than expected and easier to brute-force, possibly resulting in MITM attacks between ntp clients and ntp servers. For short AES128 keys, ntpd generates a warning that it is padding them.	CVE-2021-22212

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T22:56:53.245079+00:00	Debian Oval Importer	Fixing	VCID-278f-qdgu-2bbe	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T22:33:16.171896+00:00	Debian Oval Importer	Fixing	VCID-278f-qdgu-2bbe	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T22:08:45.464236+00:00	Debian Oval Importer	Fixing	VCID-278f-qdgu-2bbe	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0