CVE-2019-10153

EUVD-2019-2190
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
redhatCNA
5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
clusterlabsfence-agents
𝑥
< 4.3.4
redhatenterprise_linux
8.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
fence-agents
bookworm
4.12.1-1
fixed
bullseye
4.7.1-1
fixed
jessie
not-affected
sid
4.15.0-3
fixed
trixie
4.15.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
fence-agents
bionic
not-affected
cosmic
ignored
disco
ignored
eoan
ignored
focal
not-affected
groovy
not-affected
hirsute
not-affected
trusty
dne
xenial
not-affected
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2019:2037
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10153
https://github.com/ClusterLabs/fence-agents/pull/255
https://github.com/ClusterLabs/fence-agents/pull/272
https://access.redhat.com/errata/RHSA-2019:2037
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10153
https://github.com/ClusterLabs/fence-agents/pull/255
https://github.com/ClusterLabs/fence-agents/pull/272