A denial of service vulnerability exists in the Network Time Protocol daemon (NTPD). The vulnerability is due to a null pointer dereference when handling crypto-NAK packets. A remote attacker can exploit this vulnerability by sending an unsolicited crypto-NAK packet to the target service.