CVE-2015-1822
First published: Thu Apr 16 2015(Updated: )
chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian GNU/Linux | =7.0 | |
| Chrony | <=1.31 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-1822?
CVE-2015-1822 has a medium severity level as it can lead to denial of service or arbitrary code execution.
How do I fix CVE-2015-1822?
To fix CVE-2015-1822, update Chrony to version 1.31.1 or later.
Who is impacted by CVE-2015-1822?
CVE-2015-1822 affects remote authenticated users on Debian Linux 7.0 and Chrony versions up to 1.31.
What exploit vector is associated with CVE-2015-1822?
CVE-2015-1822 can be exploited through unacknowledged replies to command requests leading to daemon crashes.
Can CVE-2015-1822 lead to remote code execution?
Yes, CVE-2015-1822 may allow remote authenticated users to execute arbitrary code under certain conditions.
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- agent/weakness
- agent/remedy
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/7.0
- vendor/tuxfamily
- canonical/chrony
- version/chrony/1.31