PT-2019-5045 · Red Hat+2 · Fence-Agents+3

Doran Moppert

Publicado

2019-07-10

Atualizado

2024-06-15

CVE-2019-10153

CVSS v3.1

5.0

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions fence-agents versions prior to 4.3.4

Description A flaw in fence-agents can cause the fence rhevm component to exit with an exception when non-ASCII characters are used in certain fields of a guest VM, such as comments. This issue can lead to denial of service in cluster environments, preventing automated recovery. The vulnerability is related to encoding errors and can be exploited by a remote attacker to cause a denial of service.

Recommendations For versions prior to 4.3.4, update to version 4.3.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of non-ASCII characters in guest VM comments and other fields to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-172

Identificadores relacionados

BDU:2020-01687

CESA-2019_2037

CVE-2019-10153

MGASA-2019-0398

OPENSUSE-SU-2019:1719-1

OPENSUSE-SU-2019:1751-1

OPENSUSE-SU-2019_1719-1

OPENSUSE-SU-2019_1751-1

OPENSUSE-SU-2024:10752-1

RHSA-2019:2037

RHSA-2019_2037

SUSE-SU-2019:1809-1

SUSE-SU-2019:1813-1

SUSE-SU-2019:1819-1

SUSE-SU-2019_1809-1

SUSE-SU-2019_1813-1

SUSE-SU-2019_1819-1

Produtos afetados

Centos

Red Hat

Suse

Fence-Agents

PT-2019-5045 · Red Hat+2 · Fence-Agents+3

CVE-2019-10153

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 31