CVE-2024-43688

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-43688

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43688.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-43688

Published

2024-08-20T06:15:04.983Z

Modified

2026-04-12T09:38:26.037977Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. NOTE: this issue was introduced during a May 2023 refactoring.

References

Affected packages

Git / github.com/vixie/cron

Affected ranges

Type: GIT
Repo: https://github.com/vixie/cron
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9cc8ab1087bb9ab861dd5595c41200683c9f6712

Database specific

vanir_signatures_modified

"2026-04-12T09:38:26Z"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "9cc8ab1"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43688.json"

vanir_signatures

[
    {
        "digest": {
            "length": 976.0,
            "function_hash": "63010936667497044806070309308377180632"
        },
        "target": {
            "file": "entry.c",
            "function": "get_number"
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2024-43688-02998527",
        "source": "https://github.com/vixie/cron/commit/9cc8ab1087bb9ab861dd5595c41200683c9f6712"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "175567205010817314368500076822158778862",
                "47778498664084520870679360908545878386",
                "133239883662492912249389033162906519788",
                "97738228706489242160427024682739810289",
                "248027927010844222738730303263614546437",
                "166179563446577277238884070354291796082",
                "78381649272433403164334403893439064367",
                "168782700858990039150069341528270165477"
            ]
        },
        "target": {
            "file": "entry.c"
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2024-43688-4423c8c0",
        "source": "https://github.com/vixie/cron/commit/9cc8ab1087bb9ab861dd5595c41200683c9f6712"
    },
    {
        "digest": {
            "length": 470.0,
            "function_hash": "82019581775357050425269310241462141255"
        },
        "target": {
            "file": "entry.c",
            "function": "set_range"
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2024-43688-8cf5c62d",
        "source": "https://github.com/vixie/cron/commit/9cc8ab1087bb9ab861dd5595c41200683c9f6712"
    }
]