The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Chrony | Tuxfamily | * | 1.23-pre1 (including) |
| Chrony | Tuxfamily | 1.18 (including) | 1.18 (including) |
| Chrony | Tuxfamily | 1.19 (including) | 1.19 (including) |
| Chrony | Tuxfamily | 1.19-1 (including) | 1.19-1 (including) |
| Chrony | Tuxfamily | 1.19.99.1 (including) | 1.19.99.1 (including) |
| Chrony | Tuxfamily | 1.19.99.2 (including) | 1.19.99.2 (including) |
| Chrony | Tuxfamily | 1.19.99.3 (including) | 1.19.99.3 (including) |
| Chrony | Tuxfamily | 1.20 (including) | 1.20 (including) |
| Chrony | Tuxfamily | 1.21 (including) | 1.21 (including) |
| Chrony | Tuxfamily | 1.21-pre1 (including) | 1.21-pre1 (including) |
| Chrony | Tuxfamily | 1.24-pre1 (including) | 1.24-pre1 (including) |
| Chrony | Ubuntu | dapper | * |
| Chrony | Ubuntu | devel | * |
| Chrony | Ubuntu | hardy | * |
| Chrony | Ubuntu | intrepid | * |
| Chrony | Ubuntu | jaunty | * |
| Chrony | Ubuntu | karmic | * |
| Chrony | Ubuntu | upstream | * |