CVE-2019-9706

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.

CVSS v3.0 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://salsa.debian.org/debian/cron/commit/40791b93	Patch Third Party Advisory
https://packages.qa.debian.org/c/cron/news/20190311T170403Z.html	Mailing List Patch Vendor Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167	Exploit Mailing List Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:debian:cron:3.0:-::::::
	cpe:2.3:a:debian:cron:3.0:pl1::::::
	cpe:2.3:a:debian:cron:3.0:pl1-100::::::
	cpe:2.3:a:debian:cron:3.0:pl1-101::::::
	cpe:2.3:a:debian:cron:3.0:pl1-102::::::
	cpe:2.3:a:debian:cron:3.0:pl1-103::::::
	cpe:2.3:a:debian:cron:3.0:pl1-104::::::
	cpe:2.3:a:debian:cron:3.0:pl1-105::::::
	cpe:2.3:a:debian:cron:3.0:pl1-106::::::
	cpe:2.3:a:debian:cron:3.0:pl1-107::::::
	cpe:2.3:a:debian:cron:3.0:pl1-108::::::
	cpe:2.3:a:debian:cron:3.0:pl1-109::::::
	cpe:2.3:a:debian:cron:3.0:pl1-110::::::
	cpe:2.3:a:debian:cron:3.0:pl1-111::::::
	cpe:2.3:a:debian:cron:3.0:pl1-112::::::
	cpe:2.3:a:debian:cron:3.0:pl1-113::::::
	cpe:2.3:a:debian:cron:3.0:pl1-114::::::
	cpe:2.3:a:debian:cron:3.0:pl1-115::::::
	cpe:2.3:a:debian:cron:3.0:pl1-116::::::
	cpe:2.3:a:debian:cron:3.0:pl1-117::::::
	cpe:2.3:a:debian:cron:3.0:pl1-118::::::
	cpe:2.3:a:debian:cron:3.0:pl1-119::::::
	cpe:2.3:a:debian:cron:3.0:pl1-120::::::
	cpe:2.3:a:debian:cron:3.0:pl1-121::::::
	cpe:2.3:a:debian:cron:3.0:pl1-122::::::
	cpe:2.3:a:debian:cron:3.0:pl1-123::::::
	cpe:2.3:a:debian:cron:3.0:pl1-124::::::
	cpe:2.3:a:debian:cron:3.0:pl1-124.1::::::
	cpe:2.3:a:debian:cron:3.0:pl1-124.2::::::
	cpe:2.3:a:debian:cron:3.0:pl1-125::::::
	cpe:2.3:a:debian:cron:3.0:pl1-126::::::
	cpe:2.3:a:debian:cron:3.0:pl1-127::::::
	cpe:2.3:a:debian:cron:3.0:pl1-128::::::
	cpe:2.3:a:debian:cron:3.0:pl1-130::::::
	cpe:2.3:a:debian:cron:3.0:pl1-131::::::
	cpe:2.3:a:debian:cron:3.0:pl1-132::::::
	cpe:2.3:a:debian:cron:3.0:pl1-37::::::
	cpe:2.3:a:debian:cron:3.0:pl1-38::::::
	cpe:2.3:a:debian:cron:3.0:pl1-39::::::
	cpe:2.3:a:debian:cron:3.0:pl1-40::::::
	cpe:2.3:a:debian:cron:3.0:pl1-41::::::
	cpe:2.3:a:debian:cron:3.0:pl1-42::::::
	cpe:2.3:a:debian:cron:3.0:pl1-43::::::
	cpe:2.3:a:debian:cron:3.0:pl1-44::::::
	cpe:2.3:a:debian:cron:3.0:pl1-45::::::
	cpe:2.3:a:debian:cron:3.0:pl1-46::::::
	cpe:2.3:a:debian:cron:3.0:pl1-47::::::
	cpe:2.3:a:debian:cron:3.0:pl1-48::::::
	cpe:2.3:a:debian:cron:3.0:pl1-49::::::
	cpe:2.3:a:debian:cron:3.0:pl1-50::::::
	cpe:2.3:a:debian:cron:3.0:pl1-50.1::::::
	cpe:2.3:a:debian:cron:3.0:pl1-50.2::::::
	cpe:2.3:a:debian:cron:3.0:pl1-51::::::
	cpe:2.3:a:debian:cron:3.0:pl1-53::::::
	cpe:2.3:a:debian:cron:3.0:pl1-54::::::
	cpe:2.3:a:debian:cron:3.0:pl1-55::::::
	cpe:2.3:a:debian:cron:3.0:pl1-56::::::
	cpe:2.3:a:debian:cron:3.0:pl1-57::::::
	cpe:2.3:a:debian:cron:3.0:pl1-57.2::::::
	cpe:2.3:a:debian:cron:3.0:pl1-57.3::::::
	cpe:2.3:a:debian:cron:3.0:pl1-58::::::
	cpe:2.3:a:debian:cron:3.0:pl1-59::::::
	cpe:2.3:a:debian:cron:3.0:pl1-60::::::
	cpe:2.3:a:debian:cron:3.0:pl1-61::::::
cpe:2.3:a:debian:cron:3.0:pl1-62::::::
cpe:2.3:a:debian:cron:3.0:pl1-63::::::
cpe:2.3:a:debian:cron:3.0:pl1-64::::::
cpe:2.3:a:debian:cron:3.0:pl1-65::::::
cpe:2.3:a:debian:cron:3.0:pl1-66::::::
cpe:2.3:a:debian:cron:3.0:pl1-67::::::
cpe:2.3:a:debian:cron:3.0:pl1-68::::::
cpe:2.3:a:debian:cron:3.0:pl1-69::::::
cpe:2.3:a:debian:cron:3.0:pl1-70::::::
cpe:2.3:a:debian:cron:3.0:pl1-71::::::
cpe:2.3:a:debian:cron:3.0:pl1-72::::::
cpe:2.3:a:debian:cron:3.0:pl1-73::::::
cpe:2.3:a:debian:cron:3.0:pl1-74::::::
cpe:2.3:a:debian:cron:3.0:pl1-75::::::
cpe:2.3:a:debian:cron:3.0:pl1-76::::::
cpe:2.3:a:debian:cron:3.0:pl1-77::::::
cpe:2.3:a:debian:cron:3.0:pl1-78::::::
cpe:2.3:a:debian:cron:3.0:pl1-79::::::
cpe:2.3:a:debian:cron:3.0:pl1-80::::::
cpe:2.3:a:debian:cron:3.0:pl1-81::::::
cpe:2.3:a:debian:cron:3.0:pl1-82::::::
cpe:2.3:a:debian:cron:3.0:pl1-83::::::
cpe:2.3:a:debian:cron:3.0:pl1-84::::::
cpe:2.3:a:debian:cron:3.0:pl1-85::::::
cpe:2.3:a:debian:cron:3.0:pl1-86::::::
cpe:2.3:a:debian:cron:3.0:pl1-87::::::
cpe:2.3:a:debian:cron:3.0:pl1-88::::::
cpe:2.3:a:debian:cron:3.0:pl1-89::::::
cpe:2.3:a:debian:cron:3.0:pl1-90::::::
cpe:2.3:a:debian:cron:3.0:pl1-91::::::
cpe:2.3:a:debian:cron:3.0:pl1-92::::::
cpe:2.3:a:debian:cron:3.0:pl1-93::::::
cpe:2.3:a:debian:cron:3.0:pl1-94::::::

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Information

Published : 2019-03-11 18:29

Updated : 2021-11-30 10:50

NVD link : CVE-2019-9706

Mitre link : CVE-2019-9706

JSON object : View

CWE

CWE-416

Use After Free

Products Affected

debian

cron
debian_linux

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-9706

5.5^/10

2.1^/10

Attach tags to `CVE-2019-9706`