CVE-2025-30472

Опубликовано: 22 мар. 2025

Источник: debian

EPSS Низкий

Описание

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
corosync	fixed	3.1.9-2		package
corosync	no-dsa		bookworm	package
corosync	postponed		bullseye	package

Примечания

https://github.com/corosync/corosync/issues/778
https://github.com/corosync/corosync/pull/779
https://github.com/corosync/corosync/commit/7839990f9cdf34e55435ed90109e82709032466a

EPSS

Процентиль: 22%

0.00072

Низкий

Связанные уязвимости

CVE-2025-30472

CVSS3: 9

ubuntu

5 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

CVE-2025-30472

CVSS3: 6.6

redhat

5 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

CVE-2025-30472

CVSS3: 9

nvd

5 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

SUSE-SU-2025:1084-1

suse-cvrf

4 месяца назад

Security update for corosync

GHSA-4q2r-xgxr-vvqm

CVSS3: 9

github

5 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

EPSS

Процентиль: 22%

0.00072

Низкий