NTP BUG 2909: Slow memory leak in CRYPTO_ASSOC
Last update: March 2, 2022 17:28 UTC (616623bea)
||21 Oct 2015
||All ntp-4 releases that use autokey up to, but not including 4.2.8p4,
and 4.3.0 up to, but not including 4.3.77.
|Resolved in 4.2.8p4.
||0.0 best/usual case, 4.6 otherwise
ntpd is configured to use autokey, then an attacker can send packets to
ntpd that will, after several days of ongoing attack, cause it to run out of memory.
This weakness was discovered by Tenable Network Security.