CVE-2015-1853

EPSS 0.92%
Published 09.12.2019 19:15:14
Last modified 21.11.2024 02:26:16
Source secalert@redhat.com
Teams watchlist Login
Open Login

chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.

Affected products Warnungen 0 Metrics 3 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Tuxfamily ≫ Chrony Version < 1.31.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.92%	0.746

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

http://chrony.tuxfamily.org/News.html

Vendor Advisory

Release Notes

https://security.gentoo.org/glsa/201507-01

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-1853

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-1853

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-1853

EUVD