The following flaw was found in ntpd:
An exploitable use-after-free vulnerability exists in the password management functionality of the Network Time Protocol. A specially crafted key file could cause a buffer overflow resulting in memory corruption. An attacker could provide a malicious password file to trigger this vulnerability.
This issue did not affect the versions of ntp as shipped with Red Hat Enterprise Linux 5, 6, and 7 as these version do not include the affected code.