CVE-2014-0021 — Project Chrony vulnerability

9 documents7 sources

Severity

7.5HIGHNVD

EPSS

2.4%

top 15.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tuxfamily Chrony Chrony Project Chrony Chrony +2 more

Timeline

PublishedNov 15

Latest updateMay 17

Description

Chrony before 1.29.1 has traffic amplification in cmdmon protocol

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDchrony_project/chrony< 1.29

▶Debiantuxfamily/chrony< 1.29.1-1+3

▶CVEListV5chrony/chronyFixed in 1.29.1

Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 19, 20

🔴Vulnerability Details

GHSA

GHSA-4xjv-r88q-f87j: Chrony before 1↗2022-05-17

▶

OSV

CVE-2014-0021: Chrony before 1↗2019-11-15

▶

CVEList

CVE-2014-0021: Chrony before 1↗2019-11-15

▶

📋Vendor Advisories

Red Hat

chrony: DDoS via amplification in cmdmon protocol↗2014-01-16

▶

Debian

CVE-2014-0021: chrony - Chrony before 1.29.1 has traffic amplification in cmdmon protocol↗2014

▶

💬Community

Bugzilla

CVE-2014-0021 chrony: DDoS via amplification in cmdmon protocol [epel-all]↗2014-02-05

▶

Bugzilla

CVE-2014-0021 chrony: DDoS via amplification in cmdmon protocol [fedora-all]↗2014-01-17

▶

Bugzilla

CVE-2014-0021 chrony: DDoS via amplification in cmdmon protocol↗2014-01-17

▶