Oracle Linux: CVE-2025-30472: ELSA-2025-7201: corosync security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:M/C:C/I:C/A:C) | Mar 22, 2025 | May 26, 2025 | Jul 16, 2025 |
Description
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
A flaw was found in Corosync. In affected versions, a stack-based buffer overflow may be triggered via a large UDP packet in configurations where encryption is disabled or if an attacker knows the encryption key. This issue can lead to an application crash or other undefined behavior.
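The description above names the failure mode: an attacker-sized datagram is converted into a fixed-size structure on the stack before its length has been validated. The following C code is an added illustration of the corresponding mitigation and is not Corosync's code; the packet layout (an 8-byte header with a sequence number and an entry count, followed by 4-byte entries), the TOKEN_* limits, and the function names are all assumptions constructed for this example. The converter refuses any datagram that is truncated, larger than the destination structure, or whose declared entry count disagrees with the bytes actually received, and does so before a single byte is copied.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <arpa/inet.h>  /* htonl / ntohl */

/* Hypothetical on-the-wire token layout, constructed for this example.
 * It is NOT the real totemsrp token format. */
#define TOKEN_HEADER_LEN   8                       /* seq (4) + n_entries (4), network order */
#define TOKEN_MAX_ENTRIES  16
#define TOKEN_MAX_LEN      (TOKEN_HEADER_LEN + 4 * TOKEN_MAX_ENTRIES)

struct token {
    uint32_t seq;
    uint32_t n_entries;
    uint32_t entries[TOKEN_MAX_ENTRIES];           /* fixed-size: the thing an oversized packet would overrun */
};

/* Bounds-checked endian conversion. Returns 0 on success, -1 if the datagram
 * cannot safely fit the destination structure. Every check precedes every copy. */
int token_endian_convert_checked(const uint8_t *pkt, size_t len, struct token *out)
{
    if (pkt == NULL || out == NULL) return -1;
    if (len < TOKEN_HEADER_LEN) return -1;         /* truncated header */
    if (len > TOKEN_MAX_LEN) return -1;            /* oversized datagram: refuse, do not truncate */

    uint32_t seq, n;
    memcpy(&seq, pkt, 4);
    memcpy(&n, pkt + 4, 4);
    seq = ntohl(seq);
    n = ntohl(n);

    if (n > TOKEN_MAX_ENTRIES) return -1;          /* declared count exceeds the array */
    if (len != TOKEN_HEADER_LEN + 4 * (size_t)n) return -1; /* declared count disagrees with bytes received */

    out->seq = seq;
    out->n_entries = n;
    for (uint32_t i = 0; i < n; i++) {
        uint32_t v;
        memcpy(&v, pkt + TOKEN_HEADER_LEN + 4 * i, 4);
        out->entries[i] = ntohl(v);
    }
    return 0;
}

/* Builds a constructed datagram for the demos below. n_declared is what the
 * header claims; n_actual is how many entries are really appended. */
size_t build_token_packet(uint8_t *buf, size_t bufsz, uint32_t seq,
                          uint32_t n_declared, size_t n_actual)
{
    size_t len = TOKEN_HEADER_LEN + 4 * n_actual;
    if (len > bufsz) return 0;
    uint32_t be = htonl(seq);
    memcpy(buf, &be, 4);
    be = htonl(n_declared);
    memcpy(buf + 4, &be, 4);
    for (size_t i = 0; i < n_actual; i++) {
        be = htonl((uint32_t)(100 + i));           /* entry i carries the value 100 + i */
        memcpy(buf + TOKEN_HEADER_LEN + 4 * i, &be, 4);
    }
    return len;
}

/* Well-formed packet: expect 0 and the decoded fields. */
int demo_valid(void)
{
    uint8_t buf[TOKEN_MAX_LEN + 64];
    struct token t;
    size_t len = build_token_packet(buf, sizeof buf, 7, 2, 2);
    if (token_endian_convert_checked(buf, len, &t) != 0) return -1;
    return (t.seq == 7 && t.n_entries == 2 && t.entries[0] == 100 && t.entries[1] == 101) ? 0 : -2;
}

/* Datagram twice the size of the destination: expect -1 before any copy. */
int demo_oversized(void)
{
    uint8_t buf[TOKEN_MAX_LEN + 64];               /* room for 32 entries, twice the limit */
    struct token t;
    size_t len = build_token_packet(buf, sizeof buf, 7, 32, 32);
    return token_endian_convert_checked(buf, len, &t);
}

/* Header claims 16 entries but only 2 arrived: expect -1. */
int demo_count_mismatch(void)
{
    uint8_t buf[TOKEN_MAX_LEN + 64];
    struct token t;
    size_t len = build_token_packet(buf, sizeof buf, 7, 16, 2);
    return token_endian_convert_checked(buf, len, &t);
}

int main(void)
{
    printf("valid: %d  oversized: %d  mismatch: %d\n",
           demo_valid(), demo_oversized(), demo_count_mismatch());
    return 0;
}
```

The order of the checks matters: the total length is compared against the destination's capacity before the header is even read, so a hostile length can never drive a copy, and the declared count is then cross-checked against the bytes actually present so a short datagram with an inflated count cannot cause an over-read either.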
Solutions
oracle-linux-upgrade-corosync
oracle-linux-upgrade-corosynclib
oracle-linux-upgrade-corosync-vqsim