CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
75.9%
cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply.
Vendor | Product | Version | CPE |
---|---|---|---|
tuxfamily | chrony | * | cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:* |
tuxfamily | chrony | 1.0 | cpe:2.3:a:tuxfamily:chrony:1.0:*:*:*:*:*:*:* |
tuxfamily | chrony | 1.1 | cpe:2.3:a:tuxfamily:chrony:1.1:*:*:*:*:*:*:* |
tuxfamily | chrony | 1.18 | cpe:2.3:a:tuxfamily:chrony:1.18:*:*:*:*:*:*:* |
tuxfamily | chrony | 1.19 | cpe:2.3:a:tuxfamily:chrony:1.19:*:*:*:*:*:*:* |
tuxfamily | chrony | 1.19.99.1 | cpe:2.3:a:tuxfamily:chrony:1.19.99.1:*:*:*:*:*:*:* |
tuxfamily | chrony | 1.19.99.2 | cpe:2.3:a:tuxfamily:chrony:1.19.99.2:*:*:*:*:*:*:* |
tuxfamily | chrony | 1.19.99.3 | cpe:2.3:a:tuxfamily:chrony:1.19.99.3:*:*:*:*:*:*:* |
tuxfamily | chrony | 1.20 | cpe:2.3:a:tuxfamily:chrony:1.20:*:*:*:*:*:*:* |
tuxfamily | chrony | 1.21 | cpe:2.3:a:tuxfamily:chrony:1.21:*:*:*:*:*:*:* |