PT-2024-30615 · Unknown+1 · Vixie Cron+1
Alex Radocea +1 · Published 2024-08-19 · Updated 2024-08-26 · CVE-2024-43688
CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
vixie cron versions prior to 9cc8ab1
OpenBSD versions 7.4 and 7.5
Description
The issue allows a heap-based buffer underflow and memory corruption in cron/entry.c. This was introduced during a May 2023 refactoring.
Recommendations
For vixie cron versions prior to 9cc8ab1, update to a version that includes the fix for the heap-based buffer underflow.
For OpenBSD versions 7.4 and 7.5, update the vixie cron package to a version that includes the fix for the heap-based buffer underflow.
As a temporary workaround, consider restricting access to the set_range() function in crontab until a patch is available.
Fix
Memory Corruption
Affected Products
OpenBSD
Vixie Cron