CVE-2015-1821

EPSS 2.6%

chrony - security update

Published: 4/16/2015Modified: 3/9/2026

Also known as:DSA-3222-1DEBIAN-CVE-2015-1821

Description

Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder.

Affected packages (3)

Debian/chronyfrom 0, < 1.30-2
Debian/chronyfrom 0, < 1.24-3+squeeze2
Debian/chronyfrom 0, < 1.24-3.1+deb7u3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-1821