CVE-2012-4502

Published: 05/11/2013 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Multiple integer overflows in pktlength.c in Chrony prior to 1.29 allow remote malicious users to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authentication to exploit.

Vulnerable Product

tuxfamily chrony 1.24

tuxfamily chrony 1.21

tuxfamily chrony 1.19

tuxfamily chrony 1.23

tuxfamily chrony 1.25

tuxfamily chrony 1.1

tuxfamily chrony 1.27

tuxfamily chrony 1.20

tuxfamily chrony

tuxfamily chrony 1.19.99.3

tuxfamily chrony 1.23.1

tuxfamily chrony 1.19.99.2

tuxfamily chrony 1.0

tuxfamily chrony 1.28

tuxfamily chrony 1.18

tuxfamily chrony 1.26

tuxfamily chrony 1.19.99.1

Vendor Advisories

Debian Bug report logs - #719203 chrony: CVE-2012-4502 and CVE-2012-4503. Package: chrony; Maintainer for chrony is Vincent Blut <vincentdebian@free.fr>; Source for chrony is src:chrony. Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Fri, 9 Aug 2013 08:51:02 UTC. Severity: grave. Tag ...
Florian Weimer discovered two security problems in the Chrony time synchronisation software (buffer overflows and use of uninitialised data in command replies). For the oldstable distribution (squeeze), these problems will be fixed soon in 1.24-3+squeeze1 (due to a technical restriction in the archive processing scripts the two updates cannot be re ...
Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MAN ...