Ntp · Ntp · CVE-2023-26554
**Name of the Vulnerable Software and Affected Versions**
NTP version 4.2.8p15
**Description**
The issue is an out-of-bounds write in the `mstolfp()` function in `libntp/mstolfp.c`, which occurs when the function adds a '0' character. A remote attacker can potentially exploit it to execute arbitrary code by sending a specially crafted request to the server. The vulnerability affects the ntpq process, but not ntpd. It can also cause a denial of service.
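The bug class described above, as an added C sketch of the defensive pattern: every byte written to a fixed-size buffer, including padding '0' characters, goes through one bounds-checked append. This is not NTP's code or the upstream fix; it assumes the routine rewrites a millisecond string as seconds by moving the decimal point three places, and `ms_to_sec_str` and `put` are hypothetical names.

```c
#include <ctype.h>
#include <string.h>   /* size_t */
/* Added sketch, not NTP's mstolfp(): put() never writes at or past `end`. */
static int put(char **bp, const char *end, char c)
{
    if (*bp >= end)
        return 0;
    *(*bp)++ = c;
    return 1;
}

/* Rewrite a millisecond string ("1234.5") as seconds ("1.2345") in
 * out[outlen]. Returns 1 on success, 0 on bad input or lack of space. */
int ms_to_sec_str(const char *str, char *out, size_t outlen)
{
    const char *cp = str, *dec, *end;
    char *bp = out;
    if (outlen == 0)
        return 0;
    end = out + outlen - 1;               /* keep one byte for the NUL */
    while (isspace((unsigned char)*cp))
        cp++;
    if (*cp == '-' && !put(&bp, end, *cp++))
        return 0;
    if (*cp != '.' && !isdigit((unsigned char)*cp))
        return 0;
    for (dec = cp; isdigit((unsigned char)*dec); dec++)
        ;                                 /* dec: end of integer digits */
    if (dec - cp <= 3 && !put(&bp, end, '0'))
        return 0;                         /* under one second: leading 0 */
    while (dec - cp > 3)                  /* whole-second digits */
        if (!put(&bp, end, *cp++))
            return 0;
    if (!put(&bp, end, '.'))
        return 0;
    for (int i = (int)(dec - cp); i < 3; i++)   /* the '0' padding step */
        if (!put(&bp, end, '0'))
            return 0;
    while (cp < dec)                      /* remaining integer digits */
        if (!put(&bp, end, *cp++))
            return 0;
    if (*cp == '.')
        cp++;
    while (isdigit((unsigned char)*cp))   /* fractional digits */
        if (!put(&bp, end, *cp++))
            return 0;
    *bp = '\0';                           /* bp <= end, so in bounds */
    return *cp == '\0';                   /* reject trailing characters */
}
```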
**Recommendations**
For NTP version 4.2.8p15, consider disabling the `mstolfp()` function in `libntp/mstolfp.c` as a temporary workaround until a patch is available. Restrict access to the ntpq process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.