CVE-2019-3885

A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
redhatCNA
3.3 LOW
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
clusterlabspacemaker
𝑥
≤ 2.0.1
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
canonicalubuntu_linux
19.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pacemaker
bullseye
2.0.5-2
fixed
stretch
not-affected
bookworm
2.1.5-1+deb12u1
fixed
sid
2.1.8-1
fixed
trixie
2.1.8-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pacemaker
disco
Fixed 1.1.18-2ubuntu1.19.04.1
released
cosmic
Fixed 1.1.18-2ubuntu1.18.10.1
released
bionic
Fixed 1.1.18-0ubuntu1.1
released
xenial
Fixed 1.1.14-2ubuntu1.6
released
trusty
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html
http://www.securityfocus.com/bid/108036
https://access.redhat.com/errata/RHSA-2019:1278
https://access.redhat.com/errata/RHSA-2019:1279
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3885
https://github.com/ClusterLabs/pacemaker/pull/1749
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY4M4RMIG2POKC6OOFQODGKPRYXHET2F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HR6QUYGML735EI3HEEHYRDW7EG73BUH2/
https://security.gentoo.org/glsa/202309-09
https://usn.ubuntu.com/3952-1/
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html
http://www.securityfocus.com/bid/108036
https://access.redhat.com/errata/RHSA-2019:1278
https://access.redhat.com/errata/RHSA-2019:1279
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3885
https://github.com/ClusterLabs/pacemaker/pull/1749
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY4M4RMIG2POKC6OOFQODGKPRYXHET2F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HR6QUYGML735EI3HEEHYRDW7EG73BUH2/
https://security.gentoo.org/glsa/202309-09
https://usn.ubuntu.com/3952-1/