Miroslav Lichvar reported that the ptp4l program in linuxptp, an implementation of the Precision Time Protocol , does not validate the messageLength field of incoming messages, allowing a remote attacker to cause a denial of service, information leak, or potentially remote code execution.