5

CVE-2010-0293

EPSS 1.38%
Published 08.02.2010 20:30:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Tuxfamily ≫ Chrony Version <= 1.23-pre1

Tuxfamily ≫ Chrony Version1.18

Tuxfamily ≫ Chrony Version1.19

Tuxfamily ≫ Chrony Version1.19-1

Tuxfamily ≫ Chrony Version1.19.99.1

Tuxfamily ≫ Chrony Version1.19.99.2

Tuxfamily ≫ Chrony Version1.19.99.3

Tuxfamily ≫ Chrony Version1.20

Tuxfamily ≫ Chrony Version1.21

Tuxfamily ≫ Chrony Version1.21-pre1

Tuxfamily ≫ Chrony Version1.24-pre1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.38%	0.785

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

http://chrony.tuxfamily.org/News.html

Vendor Advisory

http://secunia.com/advisories/38428

Vendor Advisory

http://secunia.com/advisories/38480

Vendor Advisory

http://www.debian.org/security/2010/dsa-1992

http://www.securityfocus.com/bid/38106

https://bugzilla.redhat.com/show_bug.cgi?id=555367

http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=2f63cf448560fdb96b80d8488aae6a15b802a753

https://nvd.nist.gov/vuln/detail/CVE-2010-0293

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-0293

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-0293

EUVD