CVE-2010-0294

chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets.
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:N/I:N/A:P
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
tuxfamilychrony
𝑥
≤ 1.23-pre1
tuxfamilychrony
1.18
tuxfamilychrony
1.19
tuxfamilychrony
1.19-1
tuxfamilychrony
1.19.99.1
tuxfamilychrony
1.19.99.2
tuxfamilychrony
1.19.99.3
tuxfamilychrony
1.20
tuxfamilychrony
1.21
tuxfamilychrony
1.21-pre1
tuxfamilychrony
1.24-pre1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
chrony
bullseye
4.0-8+deb11u2
fixed
bookworm
4.3-2+deb12u1
fixed
trixie
4.6-1
fixed
sid
4.6.1-1
fixed
Common Weakness Enumeration