Use After Free in cron

Do your applications use this vulnerable package? Test your applications

Overview

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.

References

Debian Bug Report
Debian Security Announcement
Debian Security Tracker
MISC
MISC

Attack Vector

Local
Attack Complexity

Low
Privileges Required

Low
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2019-9706
CWE: CWE-416
Snyk ID: SNYK-DEBIAN9-CRON-340229
Disclosed: 12 Mar, 2019
Published: 12 Mar, 2019

Use After Free
Affecting cron package, versions *

Overview

References

CVSS Score

Use After Free Affecting cron package, versions *

Overview

References

Use After Free
Affecting cron package, versions *