Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.
I do not think there is such code in cronie or the vixie-cron shipped in RHEL or Fedora.
This seems to be caused by a downstream patch applied to Debian/Ubuntu and, as also said in comment 1, Fedora/RHEL are not affected by this flaw as they simply don't have the vulnerable code.
Created cronie tracking bugs for this issue:
Affects: fedora-all [bug 1711927]
This issue did not affect the versions of vixie-cron as shipped with Red Hat Enterprise Linux 5 as they did not include the vulnerable code.
This issue did not affect the versions of cronie as shipped with Red Hat Enterprise Linux 6, 7, and 8 as they did not include the vulnerable code.