Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2012-4503
Modified
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-05 Nov, 2013 | 21:55
Updated At-29 Apr, 2026 | 01:13

cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
tuxfamily
tuxfamily
>>chrony>>Versions up to 1.28(inclusive)
cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.0
cpe:2.3:a:tuxfamily:chrony:1.0:*:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.1
cpe:2.3:a:tuxfamily:chrony:1.1:*:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.18
cpe:2.3:a:tuxfamily:chrony:1.18:*:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.19
cpe:2.3:a:tuxfamily:chrony:1.19:*:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.19.99.1
cpe:2.3:a:tuxfamily:chrony:1.19.99.1:*:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.19.99.2
cpe:2.3:a:tuxfamily:chrony:1.19.99.2:*:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.19.99.3
cpe:2.3:a:tuxfamily:chrony:1.19.99.3:*:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.20
cpe:2.3:a:tuxfamily:chrony:1.20:*:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.21
cpe:2.3:a:tuxfamily:chrony:1.21:*:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.21
cpe:2.3:a:tuxfamily:chrony:1.21:pre1:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.23
cpe:2.3:a:tuxfamily:chrony:1.23:*:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.23
cpe:2.3:a:tuxfamily:chrony:1.23:pre1:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.23.1
cpe:2.3:a:tuxfamily:chrony:1.23.1:*:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.24
cpe:2.3:a:tuxfamily:chrony:1.24:*:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.24
cpe:2.3:a:tuxfamily:chrony:1.24:pre1:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.25
cpe:2.3:a:tuxfamily:chrony:1.25:*:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.25
cpe:2.3:a:tuxfamily:chrony:1.25:pre1:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.25
cpe:2.3:a:tuxfamily:chrony:1.25:pre2:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.26
cpe:2.3:a:tuxfamily:chrony:1.26:*:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.26
cpe:2.3:a:tuxfamily:chrony:1.26:pre1:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.27
cpe:2.3:a:tuxfamily:chrony:1.27:*:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.27
cpe:2.3:a:tuxfamily:chrony:1.27:pre1:*:*:*:*:*:*
tuxfamily
tuxfamily
>>chrony>>1.28
cpe:2.3:a:tuxfamily:chrony:1.28:pre1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git%3Ba=commitdiff%3Bh=c6fdeeb6bb0b17dc28c19ae492c4a1c498e54ea3secalert@redhat.com
N/A
http://permalink.gmane.org/gmane.comp.time.chrony.announce/15secalert@redhat.com
Vendor Advisory
http://seclists.org/oss-sec/2013/q3/332secalert@redhat.com
Patch
http://www.debian.org/security/2013/dsa-2760secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=846392secalert@redhat.com
N/A
http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git%3Ba=commitdiff%3Bh=c6fdeeb6bb0b17dc28c19ae492c4a1c498e54ea3af854a3a-2127-422b-91ae-364da2661108
N/A
http://permalink.gmane.org/gmane.comp.time.chrony.announce/15af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://seclists.org/oss-sec/2013/q3/332af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.debian.org/security/2013/dsa-2760af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=846392af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git%3Ba=commitdiff%3Bh=c6fdeeb6bb0b17dc28c19ae492c4a1c498e54ea3
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://permalink.gmane.org/gmane.comp.time.chrony.announce/15
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://seclists.org/oss-sec/2013/q3/332
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://www.debian.org/security/2013/dsa-2760
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=846392
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git%3Ba=commitdiff%3Bh=c6fdeeb6bb0b17dc28c19ae492c4a1c498e54ea3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://permalink.gmane.org/gmane.comp.time.chrony.announce/15
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://seclists.org/oss-sec/2013/q3/332
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.debian.org/security/2013/dsa-2760
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=846392
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found
Details not found