CVE-2010-0292

EPSS 1.2%

chrony - denial of service

Published: 2/8/2010Modified: 4/28/2026

Also known as:DEBIAN-CVE-2010-0292

Description

The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.

Affected packages (2)

Debian/chronyfrom 0, < 1.23-7
Debian/chronyfrom 0, < 1.21z-5+etch1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-0292