CVE-2012-4502Chrony vulnerability

CWE-1899 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
0.8%
top 25.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tuxfamily Chrony
Timeline
PublishedNov 5
Latest updateMay 17

Description

Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not r

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debiantuxfamily/chrony< 1.29-1+3
NVDtuxfamily/chrony1.28+16

Patches

Patch: permalink.gmane.orgPatch: seclists.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-93mp-m23x-f3x9: Multiple integer overflows in pktlength2022-05-17
OSV
CVE-2012-4502: Multiple integer overflows in pktlength2013-11-05
CVEList
CVE-2012-4502: Multiple integer overflows in pktlength2013-11-05

📋Vendor Advisories

2
Red Hat
chrony: Two security flaws fixed in chrony-1.29 release2013-08-09
Debian
CVE-2012-4502: chrony - Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote att...2012

💬Community

3
Bugzilla
CVE-2012-4503 CVE-2012-4502 chrony: Two security flaws fixed in chrony-1.29 release [epel-all]2013-08-09
Bugzilla
CVE-2012-4503 CVE-2012-4502 chrony: Two security flaws fixed in chrony-1.29 release [fedora-all]2013-08-09
Bugzilla
CVE-2012-4502 CVE-2012-4503 chrony: Two security flaws fixed in chrony-1.29 release2012-08-07
CVE-2012-4502 — Tuxfamily Chrony vulnerability | cvebase