CVE-2010-0292

The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:N/I:N/A:P
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
tuxfamilychrony
𝑥
≤ 1.23-pre1
tuxfamilychrony
1.18
tuxfamilychrony
1.19
tuxfamilychrony
1.19-1
tuxfamilychrony
1.19.99.1
tuxfamilychrony
1.19.99.2
tuxfamilychrony
1.19.99.3
tuxfamilychrony
1.20
tuxfamilychrony
1.21
tuxfamilychrony
1.21-pre1
tuxfamilychrony
1.24-pre1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
chrony
bullseye
4.0-8+deb11u2
fixed
bookworm
4.3-2+deb12u1
fixed
trixie
4.6-1
fixed
sid
4.6.1-1
fixed
Common Weakness Enumeration