PT-2019-5045 · Red Hat+2 · Fence-Agents+3

Doran Moppert

Published

2019-07-10

Updated

2024-06-15

CVE-2019-10153

CVSS v3.1

5.0

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions fence-agents versions prior to 4.3.4

Description A flaw in fence-agents can cause the fence rhevm component to exit with an exception when non-ASCII characters are used in certain fields of a guest VM, such as comments. This issue can lead to denial of service in cluster environments, preventing automated recovery. The vulnerability is related to encoding errors and can be exploited by a remote attacker to cause a denial of service.

Recommendations For versions prior to 4.3.4, update to version 4.3.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of non-ASCII characters in guest VM comments and other fields to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-172

Related Identifiers

BDU:2020-01687

CESA-2019_2037

CVE-2019-10153

MGASA-2019-0398

OPENSUSE-SU-2019:1719-1

OPENSUSE-SU-2019:1751-1

OPENSUSE-SU-2019_1719-1

OPENSUSE-SU-2019_1751-1

OPENSUSE-SU-2024:10752-1

RHSA-2019:2037

RHSA-2019_2037

SUSE-SU-2019:1809-1

SUSE-SU-2019:1813-1

SUSE-SU-2019:1819-1

SUSE-SU-2019_1809-1

SUSE-SU-2019_1813-1

SUSE-SU-2019_1819-1

Affected Products

Centos

Red Hat

Suse

Fence-Agents

PT-2019-5045 · Red Hat+2 · Fence-Agents+3

CVE-2019-10153

Weakness Enumeration

Related Identifiers

Affected Products

References · 31