Your submission was sent successfully! Close

CVE-2019-9704

Published: 12 March 2019

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
cron
Launchpad, Ubuntu, Debian
bionic
Released (3.0pl1-128.1ubuntu1.1)
cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Not vulnerable
(3.0pl1-134ubuntu1)
focal Not vulnerable
(3.0pl1-134ubuntu1)
groovy Not vulnerable
(3.0pl1-134ubuntu1)
hirsute Not vulnerable
(3.0pl1-134ubuntu1)
impish Not vulnerable
(3.0pl1-134ubuntu1)
jammy Not vulnerable
(3.0pl1-134ubuntu1)
precise Ignored
(end of ESM support, was needs-triage)
trusty Needed

upstream
Released (3.0pl1-133)
xenial
Released (3.0pl1-128ubuntu2+esm1)