CVE-2018-16878

A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
clusterlabspacemaker
𝑥
≤ 2.0.1
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
canonicalubuntu_linux
19.04
debiandebian_linux
9.0
opensuseleap
15.0
opensuseleap
42.3
redhatenterprise_linux
8.0
redhatenterprise_linux_aus
8.2
redhatenterprise_linux_aus
8.4
redhatenterprise_linux_aus
8.6
redhatenterprise_linux_eus
8.1
redhatenterprise_linux_eus
8.2
redhatenterprise_linux_eus
8.4
redhatenterprise_linux_eus
8.6
redhatenterprise_linux_tus
8.2
redhatenterprise_linux_tus
8.4
redhatenterprise_linux_tus
8.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pacemaker
bookworm
2.1.5-1+deb12u1
fixed
bullseye
2.0.5-2
fixed
sid
2.1.8-1
fixed
trixie
2.1.8-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pacemaker
bionic
Fixed 1.1.18-0ubuntu1.1
released
cosmic
Fixed 1.1.18-2ubuntu1.18.10.1
released
disco
Fixed 1.1.18-2ubuntu1.19.04.1
released
trusty
dne
xenial
Fixed 1.1.14-2ubuntu1.6
released
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
pacemaker
RHEL 7
0:1.1.19-8.el7_6.5
fixed
RHEL 8
0:2.0.1-4.el8_0.3
fixed
RHEL 8.0 E4S
0:2.0.1-4.el8_0.3
fixed
pacemaker-cli
RHEL 7
0:1.1.19-8.el7_6.5
fixed
RHEL 8
0:2.0.1-4.el8_0.3
fixed
RHEL 8.0 E4S
0:2.0.1-4.el8_0.3
fixed
pacemaker-cluster-libs
RHEL 7
0:1.1.19-8.el7_6.5
fixed
RHEL 8
0:2.0.1-4.el8_0.3
fixed
RHEL 8.0 E4S
0:2.0.1-4.el8_0.3
fixed
pacemaker-cts
RHEL 7
0:1.1.19-8.el7_6.5
fixed
RHEL 8
0:2.0.1-4.el8_0.3
fixed
RHEL 8.0 E4S
0:2.0.1-4.el8_0.3
fixed
pacemaker-doc
RHEL 7
0:1.1.19-8.el7_6.5
fixed
RHEL 8
0:2.0.1-4.el8_0.3
fixed
RHEL 8.0 E4S
0:2.0.1-4.el8_0.3
fixed
pacemaker-libs
RHEL 7
0:1.1.19-8.el7_6.5
fixed
RHEL 8
0:2.0.1-4.el8_0.3
fixed
RHEL 8.0 E4S
0:2.0.1-4.el8_0.3
fixed
pacemaker-libs-devel
RHEL 7
0:1.1.19-8.el7_6.5
fixed
RHEL 8
0:2.0.1-4.el8_0.3
fixed
RHEL 8.0 E4S
0:2.0.1-4.el8_0.3
fixed
pacemaker-nagios-plugins-metadata
RHEL 7
0:1.1.19-8.el7_6.5
fixed
RHEL 8
0:2.0.1-4.el8_0.3
fixed
RHEL 8.0 E4S
0:2.0.1-4.el8_0.3
fixed
pacemaker-remote
RHEL 7
0:1.1.19-8.el7_6.5
fixed
RHEL 8
0:2.0.1-4.el8_0.3
fixed
RHEL 8.0 E4S
0:2.0.1-4.el8_0.3
fixed
pacemaker-schemas
RHEL 8
0:2.0.1-4.el8_0.3
fixed
RHEL 8.0 E4S
0:2.0.1-4.el8_0.3
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
pacemaker
Amazon Linux 2
0:1.1.20-5.amzn2.0.2
fixed
pacemaker-cli
Amazon Linux 2
0:1.1.20-5.amzn2.0.2
fixed
pacemaker-cluster-libs
Amazon Linux 2
0:1.1.20-5.amzn2.0.2
fixed
pacemaker-cts
Amazon Linux 2
0:1.1.20-5.amzn2.0.2
fixed
pacemaker-debuginfo
Amazon Linux 2
0:1.1.20-5.amzn2.0.2
fixed
pacemaker-doc
Amazon Linux 2
0:1.1.20-5.amzn2.0.2
fixed
pacemaker-libs
Amazon Linux 2
0:1.1.20-5.amzn2.0.2
fixed
pacemaker-libs-devel
Amazon Linux 2
0:1.1.20-5.amzn2.0.2
fixed
pacemaker-nagios-plugins-metadata
Amazon Linux 2
0:1.1.20-5.amzn2.0.2
fixed
pacemaker-remote
Amazon Linux 2
0:1.1.20-5.amzn2.0.2
fixed
References