Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Chrony 远程拒绝服务漏洞
Vulnerability Description
chrony是软件开发者Richard Curnow所研发的一套用于维护计算机系统时钟精度的工具。该工具包含chronyd(在系统后台运行的守护进程)和chronyc(用来监控chronyd性能和配置其参数的用户界面)程序。 Chrony 1.29之前的版本中的cmdmon.c文件中存在安全漏洞,该漏洞源于当禁用客户端日志时,RPY_SUBNETS_ACCESSED和RPY_CLIENT_ACCESSES命令回复中包含未初始化数据。远程攻击者可利用该漏洞获取栈内存中的敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A