5

CVE-2012-4502

Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow.  NOTE: versions 1.27 and 1.28 do not require authentication to exploit.

Data is provided by the National Vulnerability Database (NVD)
TuxfamilyChrony Version <= 1.28
TuxfamilyChrony Version1.0
TuxfamilyChrony Version1.1
TuxfamilyChrony Version1.18
TuxfamilyChrony Version1.19
TuxfamilyChrony Version1.19.99.1
TuxfamilyChrony Version1.19.99.2
TuxfamilyChrony Version1.19.99.3
TuxfamilyChrony Version1.20
TuxfamilyChrony Version1.21
TuxfamilyChrony Version1.21 Updatepre1
TuxfamilyChrony Version1.23
TuxfamilyChrony Version1.23 Updatepre1
TuxfamilyChrony Version1.23.1
TuxfamilyChrony Version1.24
TuxfamilyChrony Version1.24 Updatepre1
TuxfamilyChrony Version1.25
TuxfamilyChrony Version1.25 Updatepre1
TuxfamilyChrony Version1.25 Updatepre2
TuxfamilyChrony Version1.26
TuxfamilyChrony Version1.26 Updatepre1
TuxfamilyChrony Version1.27
TuxfamilyChrony Version1.27 Updatepre1
TuxfamilyChrony Version1.28 Updatepre1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.95% 0.742
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P