Published: 30/07/2019 Updated: 02/02/2023

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 5 | Impact Score: 1.4 | Exploitability Score: 3.1

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

A flaw exists in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.

Vulnerable Product	Search on Vulmon	Subscribe to Product
clusterlabs fence-agents
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0
redhat enterprise linux 8.0

Debian Bug report logs - #930887 CVE-2019-10153 Package: fence-agents; Maintainer for fence-agents is Debian HA Maintainers <debian-ha-maintainers@listsaliothdebianorg>; Source for fence-agents is src:fence-agents (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 21 Jun 2019 21:27:0 ...

A flaw was discovered in fence-agents, prior to version 434, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member(CVE-2019-10153) ...

NVD-CWE-Other https://github.com/ClusterLabs/fence-agents/pull/255 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10153 https://github.com/ClusterLabs/fence-agents/pull/272 https://access.redhat.com/errata/RHSA-2019:2037 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930887 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2019-1348.html

CVE-2019-10153

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect