CVE-2019-3885
NONE EPSS 77.8%
Published Apr 18, 20197y ago · Modified Jun 17, 20262w ago
Published Apr 18, 2019 7y ago
Last Modified Jun 17, 2026 2w ago
Description
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.
Threat Intelligence
EPSS Exploit Probability
77.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-416 Use After Free Memory Safety
Affected Products 6
| Vendor | Product | Version | Range |
|---|---|---|---|
| clusterlabs | pacemaker | * | ≤2.0.1 |
| canonical | ubuntu_linux | 16.04 | any |
| canonical | ubuntu_linux | 18.04 | any |
| canonical | ubuntu_linux | 18.10 | any |
| canonical | ubuntu_linux | 19.04 | any |
| fedoraproject | fedora | 30 | any |
References 11
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html
- securityfocus.com http://www.securityfocus.com/bid/108036
- access.redhat.com https://access.redhat.com/errata/RHSA-2019:1278
- access.redhat.com https://access.redhat.com/errata/RHSA-2019:1279
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3885
- github.com https://github.com/ClusterLabs/pacemaker/pull/1749
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3/
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY4M4RMIG2POKC6OOFQODGKPRYXHET2F/
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HR6QUYGML735EI3HEEHYRDW7EG73BUH2/
- security.gentoo.org https://security.gentoo.org/glsa/202309-09
- usn.ubuntu.com https://usn.ubuntu.com/3952-1/
Remediation
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3885
- github.com https://github.com/ClusterLabs/pacemaker/pull/1749