CVE-2019-10153
Published: 2019-07-30
Priority: P4 · 25 · medium · 5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
EPSS: 2.17% (80.0th percentile)
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clusterlabs | fence-agents | < 4.3.4 | 4.3.4 |
| clusterlabs | fence-agents | — | — |
| debian | fence-agents | < fence-agents 4.3.3-2 (bookworm) | fence-agents 4.3.3-2 (bookworm) |
| fence-agents | fence-agents | >= 0 < 4.3.3-2 | 4.3.3-2 |
| fence-agents | fence-agents | >= 0 < 4.3.3-2 | 4.3.3-2 |
| fence-agents | fence-agents | >= 0 < 4.3.3-2 | 4.3.3-2 |
| fence-agents | fence-agents | >= 0 < 4.3.3-2 | 4.3.3-2 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
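| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.0 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
| nvd | v3.0 | 5.0 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |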
GHSA
GHSA-m2cm-xr3w-89p5: A flaw was discovered in fence-agents, prior to version 4
ghsa_unreviewed·2022-05-24
CVE-2019-10153 [MEDIUM] GHSA-m2cm-xr3w-89p5: A flaw was discovered in fence-agents, prior to version 4
OSV
CVE-2019-10153: A flaw was discovered in fence-agents, prior to version 4
osv·2019-07-30·CVSS 5.0
CVE-2019-10153 [MEDIUM] CVE-2019-10153: A flaw was discovered in fence-agents, prior to version 4
Red Hat
fence-agents: mis-handling of non-ASCII characters in guest comment fields
vendor_redhat·2019-06-03·CVSS 5.0
CVE-2019-10153 [MEDIUM] CWE-172 fence-agents: mis-handling of non-ASCII characters in guest comment fields
Package: fence-agents (Red Hat Enterprise Linux 6) - Out o
Debian
CVE-2019-10153: fence-agents - A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-A...
vendor_debian·2019·CVSS 5.0
CVE-2019-10153 [MEDIUM] CVE-2019-10153: fence-agents - A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-A...
Scope: local
bookworm: resolved (fixed in 4.3.3-2)
bullseye: resolved (fixed in 4.3.3-2)
forky: resolved (fixed in 4.3.3-2)
sid: resolved (fixed in 4.3.3-2)
trixie: resolved (fixed in 4.3.3-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-10153 fence-agents: mis-handling of non-ASCII characters in guest comment fields [fedora-all]
bugzilla·2019-06-04·CVSS 5.0
CVE-2019-10153 [MEDIUM] CVE-2019-10153 fence-agents: mis-handling of non-ASCII characters in guest comment fields [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects mu
Bugzilla
CVE-2019-10153 fence-agents: mis-handling of non-ASCII characters in guest comment fields
bugzilla·2019-06-03·CVSS 5.0
CVE-2019-10153 [MEDIUM] CVE-2019-10153 fence-agents: mis-handling of non-ASCII characters in guest comment fields
It was discovered that in fence-agents prior to 4.3.4, including non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.
Product bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1670460
Upstream fix:
https://github.com/ClusterLabs/fence-agents/pull/255
https://github.com/ClusterLabs/fence-agents/pull/272
Discussion:
Created fence-agents tracking bugs for this issue:
Affects: fedora-all [bug 1716706]
---
Acknowledgments:
Name: Sandro Emma (Deutsche Börse AG), Jens Kühnel (Deutsche Börse AG)
--
https://access.redhat.com/errata/RHSA-2019:2037
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10153
https://github.com/ClusterLabs/fence-agents/pull/255
https://github.com/ClusterLabs/fence-agents/pull/272