NVD

Id
24055  
Name
CVE-2015-1822  
Description
chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.  
Reject
 
CVSS Version
2  
CVSS Score
6.5  
Severity
Medium  
CVSS Base Score
6.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-04-16  
Modified Date
2016-11-28  
Seq
2015-1822  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
127694 24055 CVE-2015-1822 [chrony-announce] 20150407 chrony-1.31.1 released (security)  View
127695 24055 CVE-2015-1822 DSA-3222  View
127696 24055 CVE-2015-1822 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html  View
127697 24055 CVE-2015-1822 73956  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
7057 JVNDB-2015-002377 chrony におけるサービス運用妨害 (DoS) の脆弱性 chrony は、コマンドリクエストへの未確認応答 (unacknowledged replies) を保存する際、最後の "next" ポインタを初期化しないため、サービス運用妨害 (未初期化ポインタデリファレンスおよびデーモンクラッシュ) 状態にされる、または任意のコードを実行される脆弱性が存在します。 CVE-2015-1822 79047 CVE-2015-1822 24055 6.5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-002377.html 2015-04-07 2015-04-20 View