The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.
https://bugzilla.redhat.com/show_bug.cgi?id=555367
http://www.securityfocus.com/bid/38106
http://www.debian.org/security/2010/dsa-1992
http://secunia.com/advisories/38480