Unrated severityNVD Advisory· Published Nov 5, 2013· Updated Apr 29, 2026
CVE-2012-4503
CVE-2012-4503
Description
cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply.
Affected products
24cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*+ 23 more
- cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*range: <=1.28
- cpe:2.3:a:tuxfamily:chrony:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.18:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.19:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.19.99.1:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.19.99.2:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.19.99.3:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.21:pre1:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.23:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.23.1:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.23:pre1:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.24:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.24:pre1:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.25:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.25:pre1:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.25:pre2:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.26:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.26:pre1:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.27:*:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.27:pre1:*:*:*:*:*:*
- cpe:2.3:a:tuxfamily:chrony:1.28:pre1:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.