CVE-2019-10153

A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
redhatCNA
5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
clusterlabsfence-agents
𝑥
< 4.3.4
redhatenterprise_linux
8.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
fence-agents
bullseye
4.7.1-1
fixed
jessie
not-affected
bookworm
4.12.1-1
fixed
sid
4.15.0-3
fixed
trixie
4.15.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
fence-agents
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
ignored
disco
ignored
cosmic
ignored
bionic
not-affected
xenial
not-affected
trusty
dne
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2019:2037
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10153
https://github.com/ClusterLabs/fence-agents/pull/255
https://github.com/ClusterLabs/fence-agents/pull/272
https://access.redhat.com/errata/RHSA-2019:2037
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10153
https://github.com/ClusterLabs/fence-agents/pull/255
https://github.com/ClusterLabs/fence-agents/pull/272