NTP BUG 2909: Slow memory leak in CRYPTO_ASSOC
Last update: June 28, 2022 20:06 UTC (57417e17c)
||21 Oct 2015
||All ntp-4 releases that use autokey up to, but not including 4.2.8p4,
and 4.3.0 up to, but not including 4.3.77.
|Resolved in 4.2.8p4.
||0.0 best/usual case, 4.6 otherwise
ntpd is configured to use autokey, then an attacker can send packets to
ntpd that will, after several days of ongoing attack, cause it to run out of memory.
This weakness was discovered by Tenable Network Security.