vulnerability
Red Hat: CVE-2025-30472: corosync: Stack buffer overflow from 'orf_token_endian_convert' (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:H/Au:M/C:C/I:C/A:C) | Mar 22, 2025 | May 15, 2025 | May 15, 2025 |
Severity
7
CVSS
(AV:N/AC:H/Au:M/C:C/I:C/A:C)
Published
Mar 22, 2025
Added
May 15, 2025
Modified
May 15, 2025
Description
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
Solution(s)
redhat-upgrade-corosyncredhat-upgrade-corosync-debuginforedhat-upgrade-corosync-debugsourceredhat-upgrade-corosync-vqsimredhat-upgrade-corosync-vqsim-debuginforedhat-upgrade-corosynclibredhat-upgrade-corosynclib-debuginforedhat-upgrade-corosynclib-devel
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.