CVE-2025-30472

Опубликовано: 22 мар. 2025

Источник: redhat

CVSS3: 6.6

EPSS Низкий

Описание

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

A flaw was found in Corosync. In affected versions, a stack-based buffer overflow may be triggered via a large UDP packet in configurations where encryption is disabled or if an attacker knows the encryption key. This issue can lead to an application crash or other undefined behavior.

Отчет

Red Hat believes this vulnerability to be of Moderate impact because successful exploitation requires the attacker to have gained access to the shared secret keys used by the cluster for encrypted communication or for the corosync configuration in the cluster to have encryption and signing disabled, which is a non-standard configuration.

Меры по смягчению последствий

To mitigate this vulnerability in RHEL, use pcs to ensure that the corosync configuration used in your cluster(s) has encryption enabled (verify that during setup the --crypto option's cipher and hash parameters are not set to none).

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 7	corosync	Fix deferred
Red Hat Enterprise Linux 8	corosync	Fix deferred
Red Hat Enterprise Linux 10	corosync	Fixed	RHSA-2025:7478	13.05.2025
Red Hat Enterprise Linux 9	corosync	Fixed	RHSA-2025:7201	13.05.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-121

https://bugzilla.redhat.com/show_bug.cgi?id=2354229corosync: Stack buffer overflow from 'orf_token_endian_convert'

EPSS

Процентиль: 22%

0.00072

Низкий

6.6 Medium

CVSS3

Связанные уязвимости

CVE-2025-30472

CVSS3: 9

ubuntu

8 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

CVE-2025-30472

CVSS3: 9

nvd

8 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

CVE-2025-30472

CVSS3: 9

debian

8 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker know ...

SUSE-SU-2025:1084-1

suse-cvrf

7 месяцев назад

Security update for corosync

RLSA-2025:7478

rocky

около 1 месяца назад

Moderate: corosync security update

EPSS

Процентиль: 22%

0.00072

Низкий

6.6 Medium

CVSS3