chrony before 1.31.1 does not initialize the last “next” pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 7.0 | |
chrony | le | 1.31 |