CVE-2010-0293

The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:N/I:N/A:P
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
tuxfamilychrony
𝑥
≤ 1.23-pre1
tuxfamilychrony
1.18
tuxfamilychrony
1.19
tuxfamilychrony
1.19-1
tuxfamilychrony
1.19.99.1
tuxfamilychrony
1.19.99.2
tuxfamilychrony
1.19.99.3
tuxfamilychrony
1.20
tuxfamilychrony
1.21
tuxfamilychrony
1.21-pre1
tuxfamilychrony
1.24-pre1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
chrony
bullseye
4.0-8+deb11u2
fixed
bookworm
4.3-2+deb12u1
fixed
trixie
4.6-1
fixed
sid
4.6.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chrony
karmic
Fixed 1.23-6+lenny1build0.9.10.1
released
jaunty
Fixed 1.23-6+lenny1build0.9.04.1
released
intrepid
ignored
hardy
Fixed 1.21z-5+etch1build0.8.04.1
released
dapper
ignored
Common Weakness Enumeration