Lucene search

[email protected]NVD:CVE-2012-4503

HistoryNov 05, 2013 - 9:55 p.m.

CVE-2012-4503

2013-11-0521:55:08

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.005

Percentile

75.9%

JSON

cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply.

Affected configurations

Nvd

Node

tuxfamilychronyRange≤1.28

tuxfamilychronyMatch1.0

tuxfamilychronyMatch1.1

tuxfamilychronyMatch1.18

tuxfamilychronyMatch1.19

tuxfamilychronyMatch1.19.99.1

tuxfamilychronyMatch1.19.99.2

tuxfamilychronyMatch1.19.99.3

tuxfamilychronyMatch1.20

tuxfamilychronyMatch1.21

tuxfamilychronyMatch1.21pre1

tuxfamilychronyMatch1.23

tuxfamilychronyMatch1.23pre1

tuxfamilychronyMatch1.23.1

tuxfamilychronyMatch1.24

tuxfamilychronyMatch1.24pre1

tuxfamilychronyMatch1.25

tuxfamilychronyMatch1.25pre1

tuxfamilychronyMatch1.25pre2

tuxfamilychronyMatch1.26

tuxfamilychronyMatch1.26pre1

tuxfamilychronyMatch1.27

tuxfamilychronyMatch1.27pre1

tuxfamilychronyMatch1.28pre1

VendorProductVersionCPE
tuxfamilychrony*cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*
tuxfamilychrony1.0cpe:2.3:a:tuxfamily:chrony:1.0:*:*:*:*:*:*:*
tuxfamilychrony1.1cpe:2.3:a:tuxfamily:chrony:1.1:*:*:*:*:*:*:*
tuxfamilychrony1.18cpe:2.3:a:tuxfamily:chrony:1.18:*:*:*:*:*:*:*
tuxfamilychrony1.19cpe:2.3:a:tuxfamily:chrony:1.19:*:*:*:*:*:*:*
tuxfamilychrony1.19.99.1cpe:2.3:a:tuxfamily:chrony:1.19.99.1:*:*:*:*:*:*:*
tuxfamilychrony1.19.99.2cpe:2.3:a:tuxfamily:chrony:1.19.99.2:*:*:*:*:*:*:*
tuxfamilychrony1.19.99.3cpe:2.3:a:tuxfamily:chrony:1.19.99.3:*:*:*:*:*:*:*
tuxfamilychrony1.20cpe:2.3:a:tuxfamily:chrony:1.20:*:*:*:*:*:*:*
tuxfamilychrony1.21cpe:2.3:a:tuxfamily:chrony:1.21:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tuxfamily	chrony	*	cpe:2.3:a:tuxfamily:chrony::::::::
tuxfamily	chrony	1.0	cpe:2.3:a:tuxfamily:chrony:1.0:::::::*
tuxfamily	chrony	1.1	cpe:2.3:a:tuxfamily:chrony:1.1:::::::*
tuxfamily	chrony	1.18	cpe:2.3:a:tuxfamily:chrony:1.18:::::::*
tuxfamily	chrony	1.19	cpe:2.3:a:tuxfamily:chrony:1.19:::::::*
tuxfamily	chrony	1.19.99.1	cpe:2.3:a:tuxfamily:chrony:1.19.99.1:::::::*
tuxfamily	chrony	1.19.99.2	cpe:2.3:a:tuxfamily:chrony:1.19.99.2:::::::*
tuxfamily	chrony	1.19.99.3	cpe:2.3:a:tuxfamily:chrony:1.19.99.3:::::::*
tuxfamily	chrony	1.20	cpe:2.3:a:tuxfamily:chrony:1.20:::::::*
tuxfamily	chrony	1.21	cpe:2.3:a:tuxfamily:chrony:1.21:::::::*