CVE-2010-0293: Chrony vulnerability

CWE-399 | 6 documents | 6 sources
Severity
5.0 MEDIUM (NVD)
EPSS
1.4%
top 19.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 8
Latest update: May 2

Description

The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

Debian: tuxfamily/chrony < 1.23-7+3
NVD: tuxfamily/chrony 1.23-pre1+10

🔴 Vulnerability Details (3)

GHSA
GHSA-3vvg-7h3p-gmv3: The client logging functionality in chronyd in Chrony before 1 | 2022-05-02
OSV
CVE-2010-0293: The client logging functionality in chronyd in Chrony before 1 | 2010-02-08
CVEList
CVE-2010-0293: The client logging functionality in chronyd in Chrony before 1 | 2010-02-08

📋 Vendor Advisories (1)

Debian
CVE-2010-0293: chrony - The client logging functionality in chronyd in Chrony before 1.23.1 does not res... | 2010

💬 Community (1)

Bugzilla
CVE-2010-0292 chrony susceptible to DoS attacks (CVE-2010-0293 CVE-2010-0294) | 2010-01-14