{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-07T00:00:00", "descriptions": [{"lang": "en", "value": "chrony before 1.31.1 does not initialize the last \"next\" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "DSA-3222", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3222"}, {"name": "[chrony-announce] 20150407 chrony-1.31.1 released (security)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "GLSA-201507-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201507-01"}, {"name": "73956", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/73956"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:54:16.319Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3222", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3222"}, {"name": "[chrony-announce] 20150407 chrony-1.31.1 released (security)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "GLSA-201507-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201507-01"}, {"name": "73956", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/73956"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1822", "datePublished": "2015-04-16T14:00:00", "dateReserved": "2015-02-17T00:00:00", "dateUpdated": "2024-08-06T04:54:16.319Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF48000B-8A0C-4280-ADA9-7A7B1F64AD1C", "versionEndIncluding": "1.31", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "chrony before 1.31.1 does not initialize the last \"next\" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests."}, {"lang": "es", "value": "chrony anterior a 1.31.1 no inicializa el \u00faltimo puntero 'pr\u00f3ximo' cuando guarda respuestas no reconocidas en solicitudes de comandos, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (referencia a puntero no inicializado y ca\u00edda de demonio) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un n\u00famero grande de solicitudes de comandos."}], "id": "CVE-2015-1822", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-04-16T14:59:03.023", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3222"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/73956"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201507-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3222"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/73956"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201507-01"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-17"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Miroslav Lichv\u00e1r (Red Hat).", "affected_release": [{"advisory": "RHSA-2015:2241", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "chrony-0:2.1.1-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-11-19T00:00:00Z"}], "bugzilla": {"description": "chrony: uninitialized pointer in cmdmon reply slots", "id": "1209632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209632"}, "csaw": false, "cvss": {"cvss_base_score": "6.0", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-456", "details": ["chrony before 1.31.1 does not initialize the last \"next\" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.", "An uninitialized pointer use flaw was found when allocating memory to save unacknowledged replies to authenticated command requests. An attacker that has the command key and is allowed to access cmdmon (only localhost is allowed by default) could use this flaw to crash chronyd or, possibly, execute arbitrary code with the privileges of the chronyd process."], "name": "CVE-2015-1822", "public_date": "2015-04-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1822\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1822"], "threat_severity": "Moderate"}