Fluid Attacks Database

Description

A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	fence-agents	>=0 <4.3.3-2	4.3.3-2
debian 13	fence-agents	>=0 <4.3.3-2	4.3.3-2
debian 14	fence-agents	>=0 <4.3.3-2	4.3.3-2
debian 11	fence-agents	>=0 <4.3.3-2	4.3.3-2
rpm rhel7	fence-agents	<0:4.2.1-24.el7	0:4.2.1-24.el7
rpm rhel6	fence-agents	-	-
rpm rhel8	fence-agents	-	-

Aliases

1. CVE-2019-101532. NVD-2019-101533. OSV-DEBIAN-2019-101534. OSV-2019-101535. SECURITY-TRACKER-CVE-2019-10153

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.