Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked. Upstream commit: https://salsa.debian.org/debian/cron/commit/f2525567
In cronie handled in cronie-1.5.3 release.
Also fixed upstream in cronie here: https://github.com/cronie-crond/cronie/commit/a6576769f01325303b11edc3e0cfb05ef382ce56
Upstream Cronie fix is in release 1.5.3.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-9704