CVE-2010-0293

high

Description

The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.

References

https://bugzilla.redhat.com/show_bug.cgi?id=555367

http://www.securityfocus.com/bid/38106

http://www.debian.org/security/2010/dsa-1992

http://secunia.com/advisories/38480

http://secunia.com/advisories/38428

http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=2f63cf448560fdb96b80d8488aae6a15b802a753

http://chrony.tuxfamily.org/News.html

Details

Source: Mitre, NVD

Published: 2010-02-08

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High