cron is vulnerable to denial of service. The vulnerability exists due to a use-after-free and daemon crash due to a force_rescan_user error.
bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167
lists.debian.org/debian-lts-announce/2019/03/msg00025.html
lists.debian.org/debian-lts-announce/2021/10/msg00029.html
packages.qa.debian.org/c/cron/news/20190311T170403Z.html
salsa.debian.org/debian/cron/commit/40791b93
security-tracker.debian.org/tracker/CVE-2019-9706