Home > Vulnerability Database > CVE-2010-0293

Mend Vulnerability Database

CVE-2010-0293

Good to know:

Date: October 3, 2022

The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.

Language: C

Severity Score

5.3

Related Resources (10)

Url: http://git.tuxfamily.org/chrony/chrony.git/?p=gitroot/chrony/chrony.git%3Ba=commit%3Bh=2f63cf448560fdb96b80d8488aae6a15b802a753

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-0293

Url: http://secunia.com/advisories/38480

Url: http://secunia.com/advisories/38428

Url: https://bugzilla.redhat.com/show_bug.cgi?id=555367

Url: http://chrony.tuxfamily.org/News.html

Url: http://www.securityfocus.com/bid/38106

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0293

Url: http://www.debian.org/security/2010/dsa-1992

Url: https://www.mend.io/vulnerability-database/CVE-2010-0293

Severity Score

5.3

Weakness Type (CWE)

Resource Management Errors

CWE-399

Top Fix

Upgrade Version

Upgrade to version 1.23.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend Vulnerability Database

We found results for “”

CVE-2010-0293

Good to know:

Date: October 3, 2022

Language: C

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?