CVE 2015-7975
The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).
See the
CVE page on Mitre.org
for more details.