cmdmon.c in Chrony prior to 1.29 allows remote malicious users to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tuxfamily chrony 1.24 |
||
tuxfamily chrony 1.21 |
||
tuxfamily chrony 1.19 |
||
tuxfamily chrony 1.23 |
||
tuxfamily chrony 1.25 |
||
tuxfamily chrony 1.1 |
||
tuxfamily chrony 1.27 |
||
tuxfamily chrony 1.20 |
||
tuxfamily chrony |
||
tuxfamily chrony 1.19.99.3 |
||
tuxfamily chrony 1.23.1 |
||
tuxfamily chrony 1.19.99.2 |
||
tuxfamily chrony 1.0 |
||
tuxfamily chrony 1.28 |
||
tuxfamily chrony 1.18 |
||
tuxfamily chrony 1.26 |
||
tuxfamily chrony 1.19.99.1 |