CVE-2024-43688

Publication date 20 August 2024

Last updated 23 August 2024

Ubuntu priority

cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. NOTE: this issue was introduced during a May 2023 refactoring.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
cron	24.04 LTS noble	Not affected
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected

How can I get the fixes?
What do statuses mean?

Notes

sbeattie

Introduced upstream in 62a064f (radical change to shortcut and range handling, for correctness and clarity (#16), 2023-05-28). This code is not present in any version of cron in Ubuntu.

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2024-43688
https://www.supernetworks.org/CVE-2024-43688/openbsd-cron-heap-underflow.txt
https://www.supernetworks.org/advisories/CVE-2024-43688-openbsd-cron-heap-underflow.txt
https://github.com/vixie/cron/commit/9cc8ab1087bb9ab861dd5595c41200683c9f6712