Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
https://bugzilla.redhat.com/show_bug.cgi?id=1274263
https://security.gentoo.org/glsa/201607-15