CVE-2025-30472

Опубликовано: 22 мар. 2025

Источник: nvd

CVSS3: 9

CVSS3: 9.8

EPSS Низкий

Описание

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

Ссылки

https://corosync.org
Product
https://github.com/corosync/corosync/blob/73ba225cc48ebb1903897c792065cb5e876613b0/exec/totemsrp.c#L4677
Product
https://github.com/corosync/corosync/issues/778
Exploit
Issue Tracking
https://github.com/corosync/corosync/issues/778
Exploit
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:corosync:corosync:*:*:*:*:*:*:*:*

Версия до 3.1.9 (включая)

EPSS

Процентиль: 22%

0.00072

Низкий

9 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-121

CWE-787

Связанные уязвимости

CVE-2025-30472

CVSS3: 9

ubuntu

5 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

CVE-2025-30472

CVSS3: 6.6

redhat

5 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

CVE-2025-30472

CVSS3: 9

debian

5 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker know ...

SUSE-SU-2025:1084-1

suse-cvrf

4 месяца назад

Security update for corosync

GHSA-4q2r-xgxr-vvqm

CVSS3: 9

github

5 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

EPSS

Процентиль: 22%

0.00072

Низкий

9 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-121

CWE-787