CVE-2010-0293 : The client logging functionality in chronyd in Chrony before 1.23.1 does not res

The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.

Published 2010-02-08 20:30:01

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2010-0293

Tuxfamily » Chrony
Versions up to, including, (<=) 1.23-pre1
cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*
Matching versions
Tuxfamily » Chrony » Version: 1.20
cpe:2.3:a:tuxfamily:chrony:1.20:*:*:*:*:*:*:*
Matching versions
Tuxfamily » Chrony » Version: 1.21
cpe:2.3:a:tuxfamily:chrony:1.21:*:*:*:*:*:*:*
Matching versions
Tuxfamily » Chrony » Version: 1.21-pre1
cpe:2.3:a:tuxfamily:chrony:1.21-pre1:*:*:*:*:*:*:*
Matching versions
Tuxfamily » Chrony » Version: 1.19
cpe:2.3:a:tuxfamily:chrony:1.19:*:*:*:*:*:*:*
Matching versions
Tuxfamily » Chrony » Version: 1.19.99.3
cpe:2.3:a:tuxfamily:chrony:1.19.99.3:*:*:*:*:*:*:*
Matching versions
Tuxfamily » Chrony » Version: 1.24-pre1
cpe:2.3:a:tuxfamily:chrony:1.24-pre1:*:*:*:*:*:*:*
Matching versions
Tuxfamily » Chrony » Version: 1.19.99.2
cpe:2.3:a:tuxfamily:chrony:1.19.99.2:*:*:*:*:*:*:*
Matching versions
Tuxfamily » Chrony » Version: 1.19-1
cpe:2.3:a:tuxfamily:chrony:1.19-1:*:*:*:*:*:*:*
Matching versions
Tuxfamily » Chrony » Version: 1.19.99.1
cpe:2.3:a:tuxfamily:chrony:1.19.99.1:*:*:*:*:*:*:*
Matching versions
Tuxfamily » Chrony » Version: 1.18
cpe:2.3:a:tuxfamily:chrony:1.18:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2010-0293

EPSS FAQ

1.38%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 79 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2010-0293

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2010-0293

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-0293

http://www.debian.org/security/2010/dsa-1992

Debian -- Security Information -- DSA-1992-1 chrony

CVEs referencing this url
http://secunia.com/advisories/38428

Sign in
Vendor Advisory

CVEs referencing this url
http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git;a=commit;h=2f63cf448560fdb96b80d8488aae6a15b802a753

cgit error
http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=2f63cf448560fdb96b80d8488aae6a15b802a753

cgit error
http://www.securityfocus.com/bid/38106

Chrony 1.23 and Prior Multiple Remote Denial of Service Vulnerabilities

CVEs referencing this url
http://secunia.com/advisories/38480

Runtime Error
Vendor Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=555367

555367 – (CVE-2010-0292, CVE-2010-0293, CVE-2010-0294) CVE-2010-0292 chrony susceptible to DoS attacks (CVE-2010-0293 CVE-2010-0294)

CVEs referencing this url
http://chrony.tuxfamily.org/News.html

chrony – News
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2010-0293

Products affected by CVE-2010-0293

Exploit prediction scoring system (EPSS) score for CVE-2010-0293

CVSS scores for CVE-2010-0293

CWE ids for CVE-2010-0293

References for CVE-2010-0293