CVE-2012-4502
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2012-4502
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2012-4502.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2012-4502
- Downstream
- Related
- Published
- 2013-11-05T21:55:08Z
- Modified
- 2025-08-09T20:01:26Z
- Summary
- [none]
- Details
-
Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQSUBNETSACCESSED or (2) REQCLIENTACCESSES command request to the PKLCommandLength function or crafted (3) RPYSUBNETSACCESSED, (4) RPYCLIENTACCESSES, (5) RPYCLIENTACCESSESBYINDEX, or (6) RPYMANUALLIST command reply to the PKLReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authentication to exploit.
- References
-
- http://permalink.gmane.org/gmane.comp.time.chrony.announce/15
- http://www.debian.org/security/2013/dsa-2760
- http://seclists.org/oss-sec/2013/q3/332
- https://bugzilla.redhat.com/show_bug.cgi?id=846392
- http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git%3Ba=commitdiff%3Bh=7712455d9aa33d0db0945effaa07e900b85987b1