Description
A use-after-free flaw was found in pacemaker up to and including version 2.0.1, which could result in certain sensitive information being leaked via the system logs.
References (11)
Core References
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/108036
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/3952-1/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HR6QUYGML735EI3HEEHYRDW7EG73BUH2/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY4M4RMIG2POKC6OOFQODGKPRYXHET2F/
Mailing List vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html
Vendor Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2019:1278
Vendor Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2019:1279
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202309-09
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3885
Patch, Third Party Advisory
https://github.com/ClusterLabs/pacemaker/pull/1749
Scores
CVSS v3
3.3
EPSS
0.0014
EPSS Percentile
34.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-416
Status
published
Products (6)
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
18.10
canonical/ubuntu_linux
19.04
clusterlabs/pacemaker
< 2.0.1
fedoraproject/fedora
30
Published
Apr 18, 2019
Tracked Since
Feb 18, 2026