{"id":"CVE-2015-1822","details":"chrony before 1.31.1 does not initialize the last \"next\" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.","modified":"2026-04-16T01:48:36.181894115Z","published":"2015-04-16T14:59:03Z","withdrawn":"2026-01-27T04:13:50.282234Z","references":[{"type":"FIX","url":"http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2015/dsa-3222"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201507-01"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/73956"}],"schema_version":"1.7.3"}