CVE-2018-16878

MEDIUM

Pacemaker <= 2.0.1 - Denial of Service via Uncontrolled Process Preference

Title source: llm
STIX 2.1

Description

A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS

References (13)

Core 13
Core References
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16878
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/3952-1/
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00012.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2019:1278
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2019:1279
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202309-09

Scores

CVSS v3 5.5
EPSS 0.0002
EPSS Percentile 6.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (22)
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 18.10
canonical/ubuntu_linux 19.04
clusterlabs/pacemaker < 2.0.1
debian/debian_linux 9.0
fedoraproject/fedora 28
fedoraproject/fedora 29
fedoraproject/fedora 30
opensuse/leap 15.0
... and 12 more
Published Apr 18, 2019
Tracked Since Feb 18, 2026