NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.
support.ntp.org/bin/view/Main/NtpBug3389
support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
www.securityfocus.com/bid/97050
www.securitytracker.com/id/1038123
access.redhat.com/errata/RHSA-2017:3071
access.redhat.com/errata/RHSA-2018:0855
security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc
support.apple.com/HT208144
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us