ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers
to cause a denial of service (ntpd abort) by a large request data value,
which triggers the ctl_getitem function to return a NULL value.
Author | Note |
---|---|
mdeslaur | trusty doesn’t use ctl_getitem without checking the return code |