CVE-2012-4502

Name of the Vulnerable Software and Affected Versions Chrony versions prior to 1.29

Description The issue is caused by multiple integer overflows in the pktlength.c file, which can be exploited by remote attackers to cause a denial of service (crash). This can be achieved by sending crafted command requests, such as REQ SUBNETS ACCESSED or REQ CLIENT ACCESSES, to the PKL CommandLength function, or by sending crafted command replies, including RPY SUBNETS ACCESSED, RPY CLIENT ACCESSES, RPY CLIENT ACCESSES BY INDEX, or RPY MANUAL LIST, to the PKL ReplyLength function. These crafted requests or replies can trigger an out-of-bounds read or buffer overflow.

Recommendations For Chrony versions prior to 1.29, update to version 1.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the PKL CommandLength and PKL ReplyLength functions to minimize the risk of exploitation. Additionally, avoid using the REQ SUBNETS ACCESSED and REQ CLIENT ACCESSES command requests, as well as the RPY SUBNETS ACCESSED, RPY CLIENT ACCESSES, RPY CLIENT ACCESSES BY INDEX, and RPY MANUAL LIST command replies, until the issue is resolved.