CVE-2025-30472

Опубликовано: 22 мар. 2025

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 9

Описание

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

Релиз	Статус	Примечание
devel	released	3.1.8-3ubuntu2
esm-infra/bionic	needs-triage
esm-infra/focal	not-affected	3.0.3-2ubuntu2.2
esm-infra/xenial	needs-triage
focal	released	3.0.3-2ubuntu2.2
jammy	released	3.1.6-1ubuntu1.1
noble	released	3.1.7-1ubuntu3.1
oracular	released	3.1.8-2ubuntu1.1
plucky	released	3.1.8-3ubuntu2
upstream	needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 22%

0.00072

Низкий

9 Critical

CVSS3

Связанные уязвимости

CVE-2025-30472

CVSS3: 6.6

redhat

5 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

CVE-2025-30472

CVSS3: 9

nvd

5 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

CVE-2025-30472

CVSS3: 9

debian

5 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker know ...

SUSE-SU-2025:1084-1

suse-cvrf

4 месяца назад

Security update for corosync

GHSA-4q2r-xgxr-vvqm

CVSS3: 9

github

5 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

EPSS

Процентиль: 22%

0.00072

Низкий

9 Critical

CVSS3

CVE-2025-30472

Описание

Пакет corosync

Ссылки на источники

Связанные уязвимости