Updated: 2025-11-10 02:16:51.162236
Description:
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
| Links | NIST | CIRCL | RHEL | Ubuntu |

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | CRITICAL | 9.8 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | corosync | 3.1.7 | 9.8 | CRITICAL | Released | CLSA-2025:1747251688 | 2025-05-16 05:12:33 | |
| TuxCare 9.6 ESU | corosync | 3.1.9 | 9.8 | CRITICAL | Already Fixed | | 2025-12-03 18:50:32 | |