Vulnerability Details : CVE-2012-4502
Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authentication to exploit.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-4502
Probability of exploitation activity in the next 30 days: 0.49%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-4502
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2012-4502
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4502
-
https://bugzilla.redhat.com/show_bug.cgi?id=846392
846392 – (CVE-2012-4502, CVE-2012-4503) CVE-2012-4502 CVE-2012-4503 chrony: Two security flaws fixed in chrony-1.29 releasePatch
-
http://seclists.org/oss-sec/2013/q3/332
oss-sec: [Not a CVE request, just notification] CVE-2012-4502, CVE-2012-4503 -- Two security flaws fixed in Chrony v1.29Patch
-
http://www.debian.org/security/2013/dsa-2760
Debian -- Security Information -- DSA-2760-1 chrony
-
http://permalink.gmane.org/gmane.comp.time.chrony.announce/15
Patch;Vendor Advisory
-
http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git;a=commitdiff;h=7712455d9aa33d0db0945effaa07e900b85987b1
cgit errorExploit;Patch
Products affected by CVE-2012-4502
- cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.19:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.19.99.3:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.19.99.2:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.19.99.1:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.18:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.27:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.27:pre1:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.26:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.26:pre1:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.24:pre1:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.23:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.23.1:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.23:pre1:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.25:pre2:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.24:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.28:pre1:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.25:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.25:pre1:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.21:pre1:*:*:*:*:*:*