CVE-2010-0292

The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
tuxfamilychrony
𝑥
≤ 1.23-pre1
tuxfamilychrony
1.18
tuxfamilychrony
1.19
tuxfamilychrony
1.19-1
tuxfamilychrony
1.19.99.1
tuxfamilychrony
1.19.99.2
tuxfamilychrony
1.19.99.3
tuxfamilychrony
1.20
tuxfamilychrony
1.21
tuxfamilychrony
1.21-pre1
tuxfamilychrony
1.24-pre1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
chrony
bullseye
4.0-8+deb11u2
fixed
bookworm
4.3-2+deb12u1
fixed
sid
4.6.1-1
fixed
trixie
4.6.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chrony
karmic
Fixed 1.23-6+lenny1build0.9.10.1
released
jaunty
Fixed 1.23-6+lenny1build0.9.04.1
released
intrepid
ignored
hardy
Fixed 1.21z-5+etch1build0.8.04.1
released
dapper
ignored
Common Weakness Enumeration