Cron
CVE-2019-9704
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.
AnalysisAI
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-252. Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked. Affected products include: Cron Project Cron, Fedoraproject Fedora, Debian Debian Linux.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daem
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer scrip
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via
Same weakness CWE-252 – Unchecked Return Value
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today