It was reported that ntp misses validation of vallen value, leading to various information leaks. See for more details. It was reported that ntp allows bypassing source IP ACLs on some OSes when ::1 spoofed