{"id":"CVE-2024-43688","details":"cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. NOTE: this issue was introduced during a May 2023 refactoring.","modified":"2026-04-12T09:38:26.037977Z","published":"2024-08-20T06:15:04.983Z","references":[{"type":"WEB","url":"https://www.supernetworks.org/CVE-2024-43688/openbsd-cron-heap-underflow.txt"},{"type":"ADVISORY","url":"https://www.supernetworks.org/advisories/CVE-2024-43688-openbsd-cron-heap-underflow.txt"},{"type":"FIX","url":"https://github.com/vixie/cron/commit/9cc8ab1087bb9ab861dd5595c41200683c9f6712"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vixie/cron","events":[{"introduced":"0"},{"fixed":"9cc8ab1087bb9ab861dd5595c41200683c9f6712"}]}],"database_specific":{"vanir_signatures":[{"deprecated":false,"target":{"function":"get_number","file":"entry.c"},"signature_type":"Function","id":"CVE-2024-43688-02998527","source":"https://github.com/vixie/cron/commit/9cc8ab1087bb9ab861dd5595c41200683c9f6712","signature_version":"v1","digest":{"function_hash":"63010936667497044806070309308377180632","length":976}},{"deprecated":false,"target":{"file":"entry.c"},"signature_type":"Line","id":"CVE-2024-43688-4423c8c0","source":"https://github.com/vixie/cron/commit/9cc8ab1087bb9ab861dd5595c41200683c9f6712","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["175567205010817314368500076822158778862","47778498664084520870679360908545878386","133239883662492912249389033162906519788","97738228706489242160427024682739810289","248027927010844222738730303263614546437","166179563446577277238884070354291796082","78381649272433403164334403893439064367","168782700858990039150069341528270165477"]}},{"deprecated":false,"target":{"function":"set_range","file":"entry.c"},"signature_type":"Function","id":"CVE-2024-43688-8cf5c62d","source":"https://github.com/vixie/cron/commit/9cc8ab1087bb9ab861dd5595c41200683c9f6712","signature_version":"v1","digest":{"function_hash":"82019581775357050425269310241462141255","length":470}}],"vanir_signatures_modified":"2026-04-12T09:38:26Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"9cc8ab1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43688.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}