CVE-2023-3036 Information

Description

An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71  enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packet contents.

Reference

https://github.com/cloudflare/cfnts/security/advisories/GHSA-pwx6-gw47-96cp