CVE-2015-1821
chrony < 1.31 - Authenticated Heap-based Buffer Overflow via NTP or cmdmon Subnet Configuration
Title source: llmDescription
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder.
References (5)
Core 5
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3222
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/73955
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201507-01
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Scores
EPSS
0.0344
EPSS Percentile
87.6%
Details
CWE
CWE-119
Status
published
Products (2)
debian/debian_linux
7.0
tuxfamily/chrony
< 1.31
Published
Apr 16, 2015
Tracked Since
Feb 18, 2026