Vulnerability Details : CVE-2019-10153
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.
Products affected by CVE-2019-10153
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:clusterlabs:fence-agents:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-10153
- 0.12%: Probability of exploitation activity in the next 30 days
- ~47%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-10153
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P | 8.0 | 2.9 | NIST | |
5.0 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L | 3.1 | 1.4 | Red Hat, Inc. | |
5.0 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L | 3.1 | 1.4 | NIST | |
CWE ids for CVE-2019-10153
- The product does not properly encode or decode the data, resulting in unexpected values. Assigned by: secalert@redhat.com (Secondary)
References for CVE-2019-10153
- https://github.com/ClusterLabs/fence-agents/pull/272
  fence_rhevm: fix debug encoding issues by oalbrigt · Pull Request #272 · ClusterLabs/fence-agents · GitHub (Patch; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:2037
  RHSA-2019:2037 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://github.com/ClusterLabs/fence-agents/pull/255
  fence_rhevm: Changed Encoding to UTF-8 by Numblesix · Pull Request #255 · ClusterLabs/fence-agents · GitHub (Patch; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10153
  1716286 – (CVE-2019-10153) CVE-2019-10153 fence-agents: mis-handling of non-ASCII characters in guest comment fields (Issue Tracking; Third Party Advisory)