CVE-2019-9706

5.5MEDIUM

Key Information

Vendor: Debian
Status: Cron
Vendor: CVE Published:; 12 March 2019

Summary

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.

References

https://salsa.debian.org/debian/cron/commit/40791b93

x_refsource_MISC

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167

x_refsource_MISC

https://packages.qa.debian.org/c/cron/news/20190311T17040...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2019
Vulnerability Reserved
Mar 11, 2019

Collectors

NVD DatabaseMitre Database