Endpoint Vulnerability

Incomplete autokey data packet length checks

Description

The fix for CVE-2014-9750 was incomplete in that there were certain code paths where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause

Affected Products

NTP