A denial of service vulnerability exists in the Network Time Protocol daemon (NTPD). The vulnerability is due to a null pointer dereference in the _IO_str_init_static_internal() function. A remote attacker can exploit this vulnerability by sending a crafted packet to the target service. Successful exploitation may result in denial-of-service conditions.