Ntpd · Ntpd · CVE-2023-4012
**Name of the Vulnerable Software and Affected Versions**
ntpd versions (affected versions not specified)
**Description**
The issue is related to the implementation of the Network Time Protocol (NTP) and specifically affects ntpd when it receives an NTS-enabled client request (mode 3) without being NTS-enabled itself (lacking a certificate). This can cause ntpd to crash. The vulnerability is associated with incomplete recognition of internal state, which can be exploited by a remote attacker to cause a denial of service.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.