CVE-2019-10153 Information

Description

A flaw was discovered in fence-agents prior to version 4.3.4 where using non-ASCII characters in a guest VM’s comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

Reference

https://access.redhat.com/errata/RHSA-2019:2037 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10153 https://github.com/ClusterLabs/fence-agents/pull/255 https://github.com/ClusterLabs/fence-agents/pull/272

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

LOW

Base Severity

5.0