CVE-2019-3885: Use After Free in Pacemaker

CWE-416: Use After Free | 13 documents | 8 sources
Severity
NVD: 7.5 HIGH
CNA: 3.3
EPSS
0.1% (top 65.32%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 18
Latest update: May 24

Description

A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information being leaked via the system logs.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Debian: clusterlabs/pacemaker < 2.0.1-3+3
CVEListV5: clusterlabs/pacemaker, affects up to and including version 2.0.1

Also affects: Fedora 30, Ubuntu Linux 16.04, 18.04, 18.10, 19.04

Patches

🔴 Vulnerability Details (5)

GHSA: GHSA-65pr-6j4p-wvp6: A use-after-free flaw was found in pacemaker up to and including version 2 (2022-05-24)
OSV: pacemaker vulnerabilities (2019-04-23)
CVEList: CVE-2019-3885: A use-after-free flaw was found in pacemaker up to and including version 2 (2019-04-18)
OSV: CVE-2019-3885: A use-after-free flaw was found in pacemaker up to and including version 2 (2019-04-18)
OSV: openssh vulnerability (2019-03-04)

📋 Vendor Advisories (3)

Ubuntu: Pacemaker vulnerabilities (2019-04-23)
Red Hat: pacemaker: Information disclosure through use-after-free (2019-04-17)
Debian: CVE-2019-3885: pacemaker - A use-after-free flaw was found in pacemaker up to and including version 2.0.1 w... (2019)

💬 Community (4)

Bugzilla: CVE-2019-3885 pacemaker: Information disclosure through use-after-free [openstack-rdo] (2019-05-04)
Bugzilla: CVE-2018-16877 CVE-2018-16878 CVE-2019-3885 pacemaker: various flaws [fedora-all] (2019-04-17)
Bugzilla: CVE-2019-3885 pacemaker: Information disclosure through use-after-free (2019-04-01)
Bugzilla: CVE-2018-16878 pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS (2018-12-10)