vulnerability
Red Hat: CVE-2025-30472: corosync: Stack buffer overflow from 'orf_token_endian_convert' (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:M/C:C/I:C/A:C) | Mar 22, 2025 | May 15, 2025 | Jan 28, 2026 |
Severity
8
CVSS
(AV:N/AC:M/Au:M/C:C/I:C/A:C)
Published
Mar 22, 2025
Added
May 15, 2025
Modified
Jan 28, 2026
Description
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
Solutions
no-fix-redhat-rpm-packageredhat-upgrade-corosyncredhat-upgrade-corosync-debuginforedhat-upgrade-corosync-debugsourceredhat-upgrade-corosync-vqsimredhat-upgrade-corosync-vqsim-debuginforedhat-upgrade-corosynclibredhat-upgrade-corosynclib-debuginforedhat-upgrade-corosynclib-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.