CVE-2015-1822

General

Score: 6.5/10.0
Severity: Medium
Category: Implementation Error

Impact Metrics

Confidentiality: Partial
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: Single

Related vulnerabilities

CVE-2015-1821, CVE-2015-1853

Published on 16/04/15 - Updated on 01/07/17

Description

chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.

Category: Implementation Error

CWE-17 (Code)
Weaknesses in this category are typically introduced during code development, including specification, design, and implementation.

Security Notices

US National Vulnerability Database CVE-2015-1822
Amazon Linux ALAS-2015-539
CentOS CESA-2015:2241
Debian DSA-3222-1
Debian LTS DLA-193-1
Oracle Linux ELSA-2015-2241
Redhat RHSA-2015:2241

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor      Product
debian      debian_linux
tuxfamily   chrony
