CVE-2019-9706
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
12/03/2019
Last modified:
30/11/2021
Description
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:debian:cron:3.0:-:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:cron:3.0:pl1:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:cron:3.0:pl1-100:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:cron:3.0:pl1-101:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:cron:3.0:pl1-102:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:cron:3.0:pl1-103:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:cron:3.0:pl1-104:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:cron:3.0:pl1-105:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:cron:3.0:pl1-106:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:cron:3.0:pl1-107:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:cron:3.0:pl1-108:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:cron:3.0:pl1-109:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:cron:3.0:pl1-110:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:cron:3.0:pl1-111:*:*:*:*:*:* | ||
| cpe:2.3:a:debian:cron:3.0:pl1-112:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167
- https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html
- https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html
- https://packages.qa.debian.org/c/cron/news/20190311T170403Z.html
- https://salsa.debian.org/debian/cron/commit/40791b93