NTP BUG 3610: process_control() should bail earlier on short packets
Last update: June 27, 2022 20:45 UTC (51d68a4aa)
Fuzz testing detected that on systems that override the default and enable
ntpdc (mode 7) packets, a short packet will cause
ntpd to read uninitialized data.
- Leave mode7 disabled.
- Pay attention to error messages logged by
- Monitor your
Upgrade to 4.2.8p14 or later.
Reported by Philippe Antoine (Catena cyber with oss-fuzz).