NTP through 4.2.8p12 has a NULL Pointer Dereference.
CVE-2019-8936 (Candidate) is related to these bugs: