CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

Confidence: High

EPSS

Percentile: 86.2%

Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authentication to exploit.

Vendor | Product | Version | CPE |
---|---|---|---|
tuxfamily | chrony | * | cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:* |
tuxfamily | chrony | 1.0 | cpe:2.3:a:tuxfamily:chrony:1.0:*:*:*:*:*:*:* |
tuxfamily | chrony | 1.1 | cpe:2.3:a:tuxfamily:chrony:1.1:*:*:*:*:*:*:* |
tuxfamily | chrony | 1.18 | cpe:2.3:a:tuxfamily:chrony:1.18:*:*:*:*:*:*:* |
tuxfamily | chrony | 1.19 | cpe:2.3:a:tuxfamily:chrony:1.19:*:*:*:*:*:*:* |
tuxfamily | chrony | 1.19.99.1 | cpe:2.3:a:tuxfamily:chrony:1.19.99.1:*:*:*:*:*:*:* |
tuxfamily | chrony | 1.19.99.2 | cpe:2.3:a:tuxfamily:chrony:1.19.99.2:*:*:*:*:*:*:* |
tuxfamily | chrony | 1.19.99.3 | cpe:2.3:a:tuxfamily:chrony:1.19.99.3:*:*:*:*:*:*:* |
tuxfamily | chrony | 1.20 | cpe:2.3:a:tuxfamily:chrony:1.20:*:*:*:*:*:*:* |
tuxfamily | chrony | 1.21 | cpe:2.3:a:tuxfamily:chrony:1.21:*:*:*:*:*:*:* |