Description
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
An integer overflow leading to an out-of-bound read was found in authenticate_nss_2_3() in Corosync. An attacker could craft a malicious packet that would lead to a denial of service.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | corosync | Not affected | | |
| Red Hat Enterprise Linux 8 | corosync | Not affected | | |
| Red Hat Storage 3 | corosync | Will not fix | | |
| Red Hat Enterprise Linux 7 | corosync | Fixed | RHSA-2018:1169 | 17.04.2018 |
Additional information
Status: Important
Defect: CWE-190->CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1552830 corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function
7.5 High
CVSS3
Related vulnerabilities
CVSS3: 7.5
ubuntu
more than 7 years ago
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
CVSS3: 7.5
nvd
more than 7 years ago
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
CVSS3: 7.5
debian
more than 7 years ago
corosync before version 2.4.4 is vulnerable to an integer overflow in ...