CVE-2023-4012

Name of the Vulnerable Software and Affected Versions ntpd versions (affected versions not specified)

Description The issue is related to the implementation of the Network Time Protocol (NTP) and specifically affects ntpd when it receives an NTS-enabled client request (mode 3) without being NTS-enabled itself (lacking a certificate). This can cause ntpd to crash. The vulnerability is associated with incomplete recognition of internal state, which can be exploited by a remote attacker to cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.