Robert Pajak

**Name of the Vulnerable Software and Affected Versions** ntpd versions prior to 4.2.8p9 **Description** The issue allows remote attackers to cause a denial of service via a large UDP packet when ntpd is running on Windows. **Recommendations** For versions prior to 4.2.8p9, update to version 4.2.8p9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NTP versions prior to 4.2.8p9 **Description** The issue allows remote attackers to set or unset traps via a crafted control mode packet, which can lead to a denial of service caused by a NULL pointer dereference when the trap service has been enabled. By sending specially crafted packets, a remote attacker could exploit this to cause the application to crash. **Recommendations** For versions prior to 4.2.8p9, update to version 4.2.8p9 or later to resolve the issue. As a temporary workaround, consider disabling the trap service to minimize the risk of exploitation. Restrict access to the control mode functionality to minimize the risk of exploitation.