Lucene search

[email protected]NVD:CVE-2012-4502

HistoryNov 05, 2013 - 9:55 p.m.

CVE-2012-4502

2013-11-0521:55:08

CWE-189

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

7.6

Confidence

High

EPSS

0.013

Percentile

86.2%

JSON

Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authentication to exploit.

Affected configurations

Nvd

Node

tuxfamilychronyRange≤1.28

tuxfamilychronyMatch1.0

tuxfamilychronyMatch1.1

tuxfamilychronyMatch1.18

tuxfamilychronyMatch1.19

tuxfamilychronyMatch1.19.99.1

tuxfamilychronyMatch1.19.99.2

tuxfamilychronyMatch1.19.99.3

tuxfamilychronyMatch1.20

tuxfamilychronyMatch1.21

tuxfamilychronyMatch1.21pre1

tuxfamilychronyMatch1.23

tuxfamilychronyMatch1.23pre1

tuxfamilychronyMatch1.23.1

tuxfamilychronyMatch1.24

tuxfamilychronyMatch1.24pre1

tuxfamilychronyMatch1.25

tuxfamilychronyMatch1.25pre1

tuxfamilychronyMatch1.25pre2

tuxfamilychronyMatch1.26

tuxfamilychronyMatch1.26pre1

tuxfamilychronyMatch1.27

tuxfamilychronyMatch1.27pre1

tuxfamilychronyMatch1.28pre1

VendorProductVersionCPE
tuxfamilychrony*cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*
tuxfamilychrony1.0cpe:2.3:a:tuxfamily:chrony:1.0:*:*:*:*:*:*:*
tuxfamilychrony1.1cpe:2.3:a:tuxfamily:chrony:1.1:*:*:*:*:*:*:*
tuxfamilychrony1.18cpe:2.3:a:tuxfamily:chrony:1.18:*:*:*:*:*:*:*
tuxfamilychrony1.19cpe:2.3:a:tuxfamily:chrony:1.19:*:*:*:*:*:*:*
tuxfamilychrony1.19.99.1cpe:2.3:a:tuxfamily:chrony:1.19.99.1:*:*:*:*:*:*:*
tuxfamilychrony1.19.99.2cpe:2.3:a:tuxfamily:chrony:1.19.99.2:*:*:*:*:*:*:*
tuxfamilychrony1.19.99.3cpe:2.3:a:tuxfamily:chrony:1.19.99.3:*:*:*:*:*:*:*
tuxfamilychrony1.20cpe:2.3:a:tuxfamily:chrony:1.20:*:*:*:*:*:*:*
tuxfamilychrony1.21cpe:2.3:a:tuxfamily:chrony:1.21:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tuxfamily	chrony	*	cpe:2.3:a:tuxfamily:chrony::::::::
tuxfamily	chrony	1.0	cpe:2.3:a:tuxfamily:chrony:1.0:::::::*
tuxfamily	chrony	1.1	cpe:2.3:a:tuxfamily:chrony:1.1:::::::*
tuxfamily	chrony	1.18	cpe:2.3:a:tuxfamily:chrony:1.18:::::::*
tuxfamily	chrony	1.19	cpe:2.3:a:tuxfamily:chrony:1.19:::::::*
tuxfamily	chrony	1.19.99.1	cpe:2.3:a:tuxfamily:chrony:1.19.99.1:::::::*
tuxfamily	chrony	1.19.99.2	cpe:2.3:a:tuxfamily:chrony:1.19.99.2:::::::*
tuxfamily	chrony	1.19.99.3	cpe:2.3:a:tuxfamily:chrony:1.19.99.3:::::::*
tuxfamily	chrony	1.20	cpe:2.3:a:tuxfamily:chrony:1.20:::::::*
tuxfamily	chrony	1.21	cpe:2.3:a:tuxfamily:chrony:1.21:::::::*