CVE-2019-9706

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
debiancron
3.0
debiancron
3.0:pl1
debiancron
3.0:pl1-100
debiancron
3.0:pl1-101
debiancron
3.0:pl1-102
debiancron
3.0:pl1-103
debiancron
3.0:pl1-104
debiancron
3.0:pl1-105
debiancron
3.0:pl1-106
debiancron
3.0:pl1-107
debiancron
3.0:pl1-108
debiancron
3.0:pl1-109
debiancron
3.0:pl1-110
debiancron
3.0:pl1-111
debiancron
3.0:pl1-112
debiancron
3.0:pl1-113
debiancron
3.0:pl1-114
debiancron
3.0:pl1-115
debiancron
3.0:pl1-116
debiancron
3.0:pl1-117
debiancron
3.0:pl1-118
debiancron
3.0:pl1-119
debiancron
3.0:pl1-120
debiancron
3.0:pl1-121
debiancron
3.0:pl1-122
debiancron
3.0:pl1-123
debiancron
3.0:pl1-124
debiancron
3.0:pl1-124.1
debiancron
3.0:pl1-124.2
debiancron
3.0:pl1-125
debiancron
3.0:pl1-126
debiancron
3.0:pl1-127
debiancron
3.0:pl1-128
debiancron
3.0:pl1-130
debiancron
3.0:pl1-131
debiancron
3.0:pl1-132
debiancron
3.0:pl1-37
debiancron
3.0:pl1-38
debiancron
3.0:pl1-39
debiancron
3.0:pl1-40
debiancron
3.0:pl1-41
debiancron
3.0:pl1-42
debiancron
3.0:pl1-43
debiancron
3.0:pl1-44
debiancron
3.0:pl1-45
debiancron
3.0:pl1-46
debiancron
3.0:pl1-47
debiancron
3.0:pl1-48
debiancron
3.0:pl1-49
debiancron
3.0:pl1-50
debiancron
3.0:pl1-50.1
debiancron
3.0:pl1-50.2
debiancron
3.0:pl1-51
debiancron
3.0:pl1-53
debiancron
3.0:pl1-54
debiancron
3.0:pl1-55
debiancron
3.0:pl1-56
debiancron
3.0:pl1-57
debiancron
3.0:pl1-57.2
debiancron
3.0:pl1-57.3
debiancron
3.0:pl1-58
debiancron
3.0:pl1-59
debiancron
3.0:pl1-60
debiancron
3.0:pl1-61
debiancron
3.0:pl1-62
debiancron
3.0:pl1-63
debiancron
3.0:pl1-64
debiancron
3.0:pl1-65
debiancron
3.0:pl1-66
debiancron
3.0:pl1-67
debiancron
3.0:pl1-68
debiancron
3.0:pl1-69
debiancron
3.0:pl1-70
debiancron
3.0:pl1-71
debiancron
3.0:pl1-72
debiancron
3.0:pl1-73
debiancron
3.0:pl1-74
debiancron
3.0:pl1-75
debiancron
3.0:pl1-76
debiancron
3.0:pl1-77
debiancron
3.0:pl1-78
debiancron
3.0:pl1-79
debiancron
3.0:pl1-80
debiancron
3.0:pl1-81
debiancron
3.0:pl1-82
debiancron
3.0:pl1-83
debiancron
3.0:pl1-84
debiancron
3.0:pl1-85
debiancron
3.0:pl1-86
debiancron
3.0:pl1-87
debiancron
3.0:pl1-88
debiancron
3.0:pl1-89
debiancron
3.0:pl1-90
debiancron
3.0:pl1-91
debiancron
3.0:pl1-92
debiancron
3.0:pl1-93
debiancron
3.0:pl1-94
debiandebian_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cron
bullseye
3.0pl1-137
fixed
bookworm
3.0pl1-162
fixed
sid
3.0pl1-189
fixed
trixie
3.0pl1-189
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cron
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
ignored
cosmic
ignored
bionic
Fixed 3.0pl1-128.1ubuntu1.1
released
xenial
Fixed 3.0pl1-128ubuntu2+esm1
released
trusty
needed
Common Weakness Enumeration
References
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167
https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html
https://packages.qa.debian.org/c/cron/news/20190311T170403Z.html
https://salsa.debian.org/debian/cron/commit/40791b93
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167
https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html
https://packages.qa.debian.org/c/cron/news/20190311T170403Z.html
https://salsa.debian.org/debian/cron/commit/40791b93