Search criteria
10 vulnerabilities found for corosync by corosync
CVE-2026-35092 (GCVE-0-2026-35092)
Vulnerability from nvd – Published: 2026-04-01 13:18 – Updated: 2026-05-19 21:28
VLAI?
Title
Corosync: corosync: denial of service via integer overflow in join message validation
Summary
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.
Severity ?
7.5 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
16 references
Impacted products
19 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:3.1.9-2.el10_1.1 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:3.1.10-1.el10_2.1 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support |
Unaffected:
0:3.1.9-1.el10_0.2 , < *
(rpm)
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:3.1.8-1.el8_10.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::highavailability cpe:/a:redhat:enterprise_linux:8::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:3.1.0-3.el8_4.2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::highavailability cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:3.1.0-3.el8_4.2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::highavailability cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:3.1.5-2.el8_6.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::highavailability cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:3.1.5-2.el8_6.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::highavailability cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:3.1.5-2.el8_6.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::highavailability cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:3.1.7-1.el8_8.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::highavailability cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:3.1.7-1.el8_8.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::highavailability cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:3.1.9-2.el9_7.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::highavailability cpe:/a:redhat:enterprise_linux:9::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:3.1.10-1.el9_8.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::highavailability cpe:/a:redhat:enterprise_linux:9::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:3.1.5-3.el9_0.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/a:redhat:rhel_e4s:9.0::highavailability cpe:/a:redhat:rhel_e4s:9.0::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:3.1.7-1.el9_2.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/a:redhat:rhel_e4s:9.2::highavailability cpe:/a:redhat:rhel_e4s:9.2::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:3.1.8-1.el9_4.1 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb cpe:/a:redhat:rhel_eus:9.4::highavailability cpe:/a:redhat:rhel_eus:9.4::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support |
Unaffected:
0:3.1.9-2.el9_6.1 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/a:redhat:rhel_eus:9.6::crb cpe:/a:redhat:rhel_eus:9.6::highavailability cpe:/a:redhat:rhel_eus:9.6::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
Date Public ?
2026-04-01 11:48
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T13:29:07.148266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T13:32:35.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.9-2.el10_1.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.10-1.el10_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.9-1.el10_0.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/a:redhat:enterprise_linux:8::highavailability",
"cpe:/a:redhat:enterprise_linux:8::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.8-1.el8_10.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::highavailability",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.0-3.el8_4.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::highavailability",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.0-3.el8_4.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::highavailability",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.5-2.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::highavailability",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.5-2.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::highavailability",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.5-2.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::highavailability",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.7-1.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::highavailability",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.7-1.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::highavailability",
"cpe:/a:redhat:enterprise_linux:9::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.9-2.el9_7.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::highavailability",
"cpe:/a:redhat:enterprise_linux:9::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.10-1.el9_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream",
"cpe:/a:redhat:rhel_e4s:9.0::highavailability",
"cpe:/a:redhat:rhel_e4s:9.0::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.5-3.el9_0.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream",
"cpe:/a:redhat:rhel_e4s:9.2::highavailability",
"cpe:/a:redhat:rhel_e4s:9.2::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.7-1.el9_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/a:redhat:rhel_eus:9.4::crb",
"cpe:/a:redhat:rhel_eus:9.4::highavailability",
"cpe:/a:redhat:rhel_eus:9.4::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.8-1.el9_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream",
"cpe:/a:redhat:rhel_eus:9.6::crb",
"cpe:/a:redhat:rhel_eus:9.6::highavailability",
"cpe:/a:redhat:rhel_eus:9.6::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.9-2.el9_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Sebasti\u00e1n Alba Vives for reporting this issue."
}
],
"datePublic": "2026-04-01T11:48:22.309Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Corosync. An integer overflow vulnerability in Corosync\u0027s join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T21:28:02.913Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:13644",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13644"
},
{
"name": "RHSA-2026:13657",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13657"
},
{
"name": "RHSA-2026:13673",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13673"
},
{
"name": "RHSA-2026:14205",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14205"
},
{
"name": "RHSA-2026:14210",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14210"
},
{
"name": "RHSA-2026:14211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14211"
},
{
"name": "RHSA-2026:14212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14212"
},
{
"name": "RHSA-2026:14213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14213"
},
{
"name": "RHSA-2026:14214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14214"
},
{
"name": "RHSA-2026:14215",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14215"
},
{
"name": "RHSA-2026:14216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14216"
},
{
"name": "RHSA-2026:19043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19043"
},
{
"name": "RHSA-2026:19200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19200"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-35092"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453169"
},
{
"name": "RHBZ#2453814",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453814"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-01T11:32:04.388Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-01T11:48:22.309Z",
"value": "Made public."
}
],
"title": "Corosync: corosync: denial of service via integer overflow in join message validation",
"workarounds": [
{
"lang": "en",
"value": "Systems using totemudp or totemudpu should migrate to the supported knet transport and enable encryption."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-35092",
"datePublished": "2026-04-01T13:18:55.551Z",
"dateReserved": "2026-04-01T11:35:23.146Z",
"dateUpdated": "2026-05-19T21:28:02.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35091 (GCVE-0-2026-35091)
Vulnerability from nvd – Published: 2026-04-01 13:18 – Updated: 2026-05-19 21:28
VLAI?
Title
Corosync: corosync: denial of service and information disclosure via crafted udp packet
Summary
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents
Severity ?
8.2 (High)
CWE
- CWE-253 - Incorrect Check of Function Return Value
Assigner
References
16 references
Impacted products
19 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:3.1.9-2.el10_1.1 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:3.1.10-1.el10_2.1 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support |
Unaffected:
0:3.1.9-1.el10_0.2 , < *
(rpm)
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:3.1.8-1.el8_10.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::highavailability cpe:/a:redhat:enterprise_linux:8::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:3.1.0-3.el8_4.2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::highavailability cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:3.1.0-3.el8_4.2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::highavailability cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:3.1.5-2.el8_6.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::highavailability cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:3.1.5-2.el8_6.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::highavailability cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:3.1.5-2.el8_6.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::highavailability cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:3.1.7-1.el8_8.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::highavailability cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:3.1.7-1.el8_8.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::highavailability cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:3.1.9-2.el9_7.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::highavailability cpe:/a:redhat:enterprise_linux:9::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:3.1.10-1.el9_8.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::highavailability cpe:/a:redhat:enterprise_linux:9::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:3.1.5-3.el9_0.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/a:redhat:rhel_e4s:9.0::highavailability cpe:/a:redhat:rhel_e4s:9.0::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:3.1.7-1.el9_2.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/a:redhat:rhel_e4s:9.2::highavailability cpe:/a:redhat:rhel_e4s:9.2::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:3.1.8-1.el9_4.1 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb cpe:/a:redhat:rhel_eus:9.4::highavailability cpe:/a:redhat:rhel_eus:9.4::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support |
Unaffected:
0:3.1.9-2.el9_6.1 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/a:redhat:rhel_eus:9.6::crb cpe:/a:redhat:rhel_eus:9.6::highavailability cpe:/a:redhat:rhel_eus:9.6::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
Date Public ?
2026-04-01 11:48
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35091",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T20:28:59.762709Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T20:29:55.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.9-2.el10_1.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.10-1.el10_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.9-1.el10_0.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/a:redhat:enterprise_linux:8::highavailability",
"cpe:/a:redhat:enterprise_linux:8::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.8-1.el8_10.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::highavailability",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.0-3.el8_4.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::highavailability",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.0-3.el8_4.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::highavailability",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.5-2.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::highavailability",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.5-2.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::highavailability",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.5-2.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::highavailability",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.7-1.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::highavailability",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.7-1.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::highavailability",
"cpe:/a:redhat:enterprise_linux:9::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.9-2.el9_7.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::highavailability",
"cpe:/a:redhat:enterprise_linux:9::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.10-1.el9_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream",
"cpe:/a:redhat:rhel_e4s:9.0::highavailability",
"cpe:/a:redhat:rhel_e4s:9.0::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.5-3.el9_0.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream",
"cpe:/a:redhat:rhel_e4s:9.2::highavailability",
"cpe:/a:redhat:rhel_e4s:9.2::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.7-1.el9_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/a:redhat:rhel_eus:9.4::crb",
"cpe:/a:redhat:rhel_eus:9.4::highavailability",
"cpe:/a:redhat:rhel_eus:9.4::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.8-1.el9_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream",
"cpe:/a:redhat:rhel_eus:9.6::crb",
"cpe:/a:redhat:rhel_eus:9.6::highavailability",
"cpe:/a:redhat:rhel_eus:9.6::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.9-2.el9_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Sebasti\u00e1n Alba Vives for reporting this issue."
}
],
"datePublic": "2026-04-01T11:48:13.254Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents"
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-253",
"description": "Incorrect Check of Function Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T21:28:00.751Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:13644",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13644"
},
{
"name": "RHSA-2026:13657",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13657"
},
{
"name": "RHSA-2026:13673",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13673"
},
{
"name": "RHSA-2026:14205",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14205"
},
{
"name": "RHSA-2026:14210",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14210"
},
{
"name": "RHSA-2026:14211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14211"
},
{
"name": "RHSA-2026:14212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14212"
},
{
"name": "RHSA-2026:14213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14213"
},
{
"name": "RHSA-2026:14214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14214"
},
{
"name": "RHSA-2026:14215",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14215"
},
{
"name": "RHSA-2026:14216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14216"
},
{
"name": "RHSA-2026:19043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19043"
},
{
"name": "RHSA-2026:19200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19200"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-35091"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453169"
},
{
"name": "RHBZ#2453813",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453813"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-01T11:31:01.742Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-01T11:48:13.254Z",
"value": "Made public."
}
],
"title": "Corosync: corosync: denial of service and information disclosure via crafted udp packet",
"workarounds": [
{
"lang": "en",
"value": "Systems using totemudp or totemudpu should migrate to the supported knet transport and enable encryption.\n\nDisabling the Corosync service is a valid workaround if clustering is not required, but for active clusters, enabling encryption via knet is the preferred and recommended approach."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-253: Incorrect Check of Function Return Value"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-35091",
"datePublished": "2026-04-01T13:18:53.738Z",
"dateReserved": "2026-04-01T11:35:23.145Z",
"dateUpdated": "2026-05-19T21:28:00.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30472 (GCVE-0-2025-30472)
Vulnerability from nvd – Published: 2025-03-22 00:00 – Updated: 2025-11-03 18:09
VLAI?
Summary
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
Severity ?
9 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30472",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T15:10:00.490273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T15:10:15.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/corosync/corosync/issues/778"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:09:02.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Corosync",
"vendor": "Corosync",
"versions": [
{
"lessThanOrEqual": "3.1.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:corosync:corosync:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.1.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-22T01:25:08.583Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/corosync/corosync/blob/73ba225cc48ebb1903897c792065cb5e876613b0/exec/totemsrp.c#L4677"
},
{
"url": "https://github.com/corosync/corosync/issues/778"
},
{
"url": "https://corosync.org"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-30472",
"datePublished": "2025-03-22T00:00:00.000Z",
"dateReserved": "2025-03-22T00:00:00.000Z",
"dateUpdated": "2025-11-03T18:09:02.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-1084 (GCVE-0-2018-1084)
Vulnerability from nvd – Published: 2018-04-12 17:00 – Updated: 2024-08-05 03:51
VLAI?
Summary
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
Severity ?
7.5 (High)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/103758 | vdb-entryx_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://www.debian.org/security/2018/dsa-4174 | vendor-advisoryx_refsource_DEBIAN |
| https://access.redhat.com/errata/RHSA-2018:1169 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/4000-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://security.gentoo.org/glsa/202107-01 | vendor-advisoryx_refsource_GENTOO |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | corosync |
Affected:
corosync 2.4.4
|
Date Public ?
2018-04-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103758",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103758"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084"
},
{
"name": "DSA-4174",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4174"
},
{
"name": "RHSA-2018:1169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1169"
},
{
"name": "USN-4000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4000-1/"
},
{
"name": "GLSA-202107-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "corosync",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "corosync 2.4.4"
}
]
}
],
"datePublic": "2018-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-03T03:06:21.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "103758",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103758"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084"
},
{
"name": "DSA-4174",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4174"
},
{
"name": "RHSA-2018:1169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1169"
},
{
"name": "USN-4000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4000-1/"
},
{
"name": "GLSA-202107-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "corosync",
"version": {
"version_data": [
{
"version_value": "corosync 2.4.4"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103758"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084"
},
{
"name": "DSA-4174",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4174"
},
{
"name": "RHSA-2018:1169",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1169"
},
{
"name": "USN-4000-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4000-1/"
},
{
"name": "GLSA-202107-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1084",
"datePublished": "2018-04-12T17:00:00.000Z",
"dateReserved": "2017-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:51:48.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0250 (GCVE-0-2013-0250)
Vulnerability from nvd – Published: 2014-06-06 14:00 – Updated: 2024-08-06 14:18
VLAI?
Summary
The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/52037 | third-party-advisoryx_refsource_SECUNIA |
| https://github.com/corosync/corosync/commit/b3f45… | x_refsource_CONFIRM |
| http://seclists.org/oss-sec/2013/q1/213 | mailing-listx_refsource_MLIST |
| http://seclists.org/oss-sec/2013/q1/214 | mailing-listx_refsource_MLIST |
| http://seclists.org/oss-sec/2013/q1/212 | mailing-listx_refsource_MLIST |
Date Public ?
2013-02-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52037"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595"
},
{
"name": "[oss-security] 20130201 Re: CVE Request -- Corosync (X \u003c 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q1/213"
},
{
"name": "[oss-security] 20130201 Re: Re: CVE Request -- Corosync (X \u003c 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q1/214"
},
{
"name": "[oss-security] 20130201 CVE Request -- Corosync (X \u003c 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q1/212"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-06T13:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "52037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52037"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595"
},
{
"name": "[oss-security] 20130201 Re: CVE Request -- Corosync (X \u003c 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q1/213"
},
{
"name": "[oss-security] 20130201 Re: Re: CVE Request -- Corosync (X \u003c 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q1/214"
},
{
"name": "[oss-security] 20130201 CVE Request -- Corosync (X \u003c 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q1/212"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52037"
},
{
"name": "https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595",
"refsource": "CONFIRM",
"url": "https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595"
},
{
"name": "[oss-security] 20130201 Re: CVE Request -- Corosync (X \u003c 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/213"
},
{
"name": "[oss-security] 20130201 Re: Re: CVE Request -- Corosync (X \u003c 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/214"
},
{
"name": "[oss-security] 20130201 CVE Request -- Corosync (X \u003c 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/212"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0250",
"datePublished": "2014-06-06T14:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:18:09.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-35092 (GCVE-0-2026-35092)
Vulnerability from cvelistv5 – Published: 2026-04-01 13:18 – Updated: 2026-05-19 21:28
VLAI?
Title
Corosync: corosync: denial of service via integer overflow in join message validation
Summary
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.
Severity ?
7.5 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
16 references
Impacted products
19 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:3.1.9-2.el10_1.1 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:3.1.10-1.el10_2.1 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support |
Unaffected:
0:3.1.9-1.el10_0.2 , < *
(rpm)
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:3.1.8-1.el8_10.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::highavailability cpe:/a:redhat:enterprise_linux:8::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:3.1.0-3.el8_4.2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::highavailability cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:3.1.0-3.el8_4.2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::highavailability cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:3.1.5-2.el8_6.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::highavailability cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:3.1.5-2.el8_6.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::highavailability cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:3.1.5-2.el8_6.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::highavailability cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:3.1.7-1.el8_8.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::highavailability cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:3.1.7-1.el8_8.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::highavailability cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:3.1.9-2.el9_7.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::highavailability cpe:/a:redhat:enterprise_linux:9::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:3.1.10-1.el9_8.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::highavailability cpe:/a:redhat:enterprise_linux:9::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:3.1.5-3.el9_0.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/a:redhat:rhel_e4s:9.0::highavailability cpe:/a:redhat:rhel_e4s:9.0::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:3.1.7-1.el9_2.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/a:redhat:rhel_e4s:9.2::highavailability cpe:/a:redhat:rhel_e4s:9.2::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:3.1.8-1.el9_4.1 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb cpe:/a:redhat:rhel_eus:9.4::highavailability cpe:/a:redhat:rhel_eus:9.4::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support |
Unaffected:
0:3.1.9-2.el9_6.1 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/a:redhat:rhel_eus:9.6::crb cpe:/a:redhat:rhel_eus:9.6::highavailability cpe:/a:redhat:rhel_eus:9.6::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
Date Public ?
2026-04-01 11:48
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T13:29:07.148266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T13:32:35.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.9-2.el10_1.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.10-1.el10_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.9-1.el10_0.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/a:redhat:enterprise_linux:8::highavailability",
"cpe:/a:redhat:enterprise_linux:8::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.8-1.el8_10.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::highavailability",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.0-3.el8_4.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::highavailability",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.0-3.el8_4.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::highavailability",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.5-2.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::highavailability",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.5-2.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::highavailability",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.5-2.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::highavailability",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.7-1.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::highavailability",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.7-1.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::highavailability",
"cpe:/a:redhat:enterprise_linux:9::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.9-2.el9_7.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::highavailability",
"cpe:/a:redhat:enterprise_linux:9::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.10-1.el9_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream",
"cpe:/a:redhat:rhel_e4s:9.0::highavailability",
"cpe:/a:redhat:rhel_e4s:9.0::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.5-3.el9_0.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream",
"cpe:/a:redhat:rhel_e4s:9.2::highavailability",
"cpe:/a:redhat:rhel_e4s:9.2::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.7-1.el9_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/a:redhat:rhel_eus:9.4::crb",
"cpe:/a:redhat:rhel_eus:9.4::highavailability",
"cpe:/a:redhat:rhel_eus:9.4::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.8-1.el9_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream",
"cpe:/a:redhat:rhel_eus:9.6::crb",
"cpe:/a:redhat:rhel_eus:9.6::highavailability",
"cpe:/a:redhat:rhel_eus:9.6::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.9-2.el9_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Sebasti\u00e1n Alba Vives for reporting this issue."
}
],
"datePublic": "2026-04-01T11:48:22.309Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Corosync. An integer overflow vulnerability in Corosync\u0027s join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T21:28:02.913Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:13644",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13644"
},
{
"name": "RHSA-2026:13657",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13657"
},
{
"name": "RHSA-2026:13673",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13673"
},
{
"name": "RHSA-2026:14205",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14205"
},
{
"name": "RHSA-2026:14210",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14210"
},
{
"name": "RHSA-2026:14211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14211"
},
{
"name": "RHSA-2026:14212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14212"
},
{
"name": "RHSA-2026:14213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14213"
},
{
"name": "RHSA-2026:14214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14214"
},
{
"name": "RHSA-2026:14215",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14215"
},
{
"name": "RHSA-2026:14216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14216"
},
{
"name": "RHSA-2026:19043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19043"
},
{
"name": "RHSA-2026:19200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19200"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-35092"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453169"
},
{
"name": "RHBZ#2453814",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453814"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-01T11:32:04.388Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-01T11:48:22.309Z",
"value": "Made public."
}
],
"title": "Corosync: corosync: denial of service via integer overflow in join message validation",
"workarounds": [
{
"lang": "en",
"value": "Systems using totemudp or totemudpu should migrate to the supported knet transport and enable encryption."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-35092",
"datePublished": "2026-04-01T13:18:55.551Z",
"dateReserved": "2026-04-01T11:35:23.146Z",
"dateUpdated": "2026-05-19T21:28:02.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35091 (GCVE-0-2026-35091)
Vulnerability from cvelistv5 – Published: 2026-04-01 13:18 – Updated: 2026-05-19 21:28
VLAI?
Title
Corosync: corosync: denial of service and information disclosure via crafted udp packet
Summary
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents
Severity ?
8.2 (High)
CWE
- CWE-253 - Incorrect Check of Function Return Value
Assigner
References
16 references
Impacted products
19 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:3.1.9-2.el10_1.1 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:3.1.10-1.el10_2.1 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support |
Unaffected:
0:3.1.9-1.el10_0.2 , < *
(rpm)
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:3.1.8-1.el8_10.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::highavailability cpe:/a:redhat:enterprise_linux:8::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:3.1.0-3.el8_4.2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::highavailability cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:3.1.0-3.el8_4.2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::highavailability cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:3.1.5-2.el8_6.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::highavailability cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:3.1.5-2.el8_6.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::highavailability cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:3.1.5-2.el8_6.1 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::highavailability cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:3.1.7-1.el8_8.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::highavailability cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:3.1.7-1.el8_8.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::highavailability cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::highavailability |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:3.1.9-2.el9_7.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::highavailability cpe:/a:redhat:enterprise_linux:9::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:3.1.10-1.el9_8.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::highavailability cpe:/a:redhat:enterprise_linux:9::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:3.1.5-3.el9_0.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/a:redhat:rhel_e4s:9.0::highavailability cpe:/a:redhat:rhel_e4s:9.0::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:3.1.7-1.el9_2.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/a:redhat:rhel_e4s:9.2::highavailability cpe:/a:redhat:rhel_e4s:9.2::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:3.1.8-1.el9_4.1 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb cpe:/a:redhat:rhel_eus:9.4::highavailability cpe:/a:redhat:rhel_eus:9.4::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support |
Unaffected:
0:3.1.9-2.el9_6.1 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/a:redhat:rhel_eus:9.6::crb cpe:/a:redhat:rhel_eus:9.6::highavailability cpe:/a:redhat:rhel_eus:9.6::resilientstorage |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
Date Public ?
2026-04-01 11:48
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35091",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T20:28:59.762709Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T20:29:55.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.9-2.el10_1.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.10-1.el10_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.9-1.el10_0.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/a:redhat:enterprise_linux:8::highavailability",
"cpe:/a:redhat:enterprise_linux:8::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.8-1.el8_10.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::highavailability",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.0-3.el8_4.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::highavailability",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.0-3.el8_4.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::highavailability",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.5-2.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::highavailability",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.5-2.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::highavailability",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.5-2.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::highavailability",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.7-1.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::highavailability",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::highavailability"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.7-1.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::highavailability",
"cpe:/a:redhat:enterprise_linux:9::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.9-2.el9_7.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::highavailability",
"cpe:/a:redhat:enterprise_linux:9::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.10-1.el9_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream",
"cpe:/a:redhat:rhel_e4s:9.0::highavailability",
"cpe:/a:redhat:rhel_e4s:9.0::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.5-3.el9_0.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream",
"cpe:/a:redhat:rhel_e4s:9.2::highavailability",
"cpe:/a:redhat:rhel_e4s:9.2::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.7-1.el9_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/a:redhat:rhel_eus:9.4::crb",
"cpe:/a:redhat:rhel_eus:9.4::highavailability",
"cpe:/a:redhat:rhel_eus:9.4::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.8-1.el9_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream",
"cpe:/a:redhat:rhel_eus:9.6::crb",
"cpe:/a:redhat:rhel_eus:9.6::highavailability",
"cpe:/a:redhat:rhel_eus:9.6::resilientstorage"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.1.9-2.el9_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "corosync",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Sebasti\u00e1n Alba Vives for reporting this issue."
}
],
"datePublic": "2026-04-01T11:48:13.254Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents"
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-253",
"description": "Incorrect Check of Function Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T21:28:00.751Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:13644",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13644"
},
{
"name": "RHSA-2026:13657",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13657"
},
{
"name": "RHSA-2026:13673",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13673"
},
{
"name": "RHSA-2026:14205",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14205"
},
{
"name": "RHSA-2026:14210",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14210"
},
{
"name": "RHSA-2026:14211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14211"
},
{
"name": "RHSA-2026:14212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14212"
},
{
"name": "RHSA-2026:14213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14213"
},
{
"name": "RHSA-2026:14214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14214"
},
{
"name": "RHSA-2026:14215",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14215"
},
{
"name": "RHSA-2026:14216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14216"
},
{
"name": "RHSA-2026:19043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19043"
},
{
"name": "RHSA-2026:19200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19200"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-35091"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453169"
},
{
"name": "RHBZ#2453813",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453813"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-01T11:31:01.742Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-01T11:48:13.254Z",
"value": "Made public."
}
],
"title": "Corosync: corosync: denial of service and information disclosure via crafted udp packet",
"workarounds": [
{
"lang": "en",
"value": "Systems using totemudp or totemudpu should migrate to the supported knet transport and enable encryption.\n\nDisabling the Corosync service is a valid workaround if clustering is not required, but for active clusters, enabling encryption via knet is the preferred and recommended approach."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-253: Incorrect Check of Function Return Value"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-35091",
"datePublished": "2026-04-01T13:18:53.738Z",
"dateReserved": "2026-04-01T11:35:23.145Z",
"dateUpdated": "2026-05-19T21:28:00.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30472 (GCVE-0-2025-30472)
Vulnerability from cvelistv5 – Published: 2025-03-22 00:00 – Updated: 2025-11-03 18:09
VLAI?
Summary
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
Severity ?
9 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30472",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T15:10:00.490273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T15:10:15.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/corosync/corosync/issues/778"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:09:02.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Corosync",
"vendor": "Corosync",
"versions": [
{
"lessThanOrEqual": "3.1.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:corosync:corosync:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.1.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-22T01:25:08.583Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/corosync/corosync/blob/73ba225cc48ebb1903897c792065cb5e876613b0/exec/totemsrp.c#L4677"
},
{
"url": "https://github.com/corosync/corosync/issues/778"
},
{
"url": "https://corosync.org"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-30472",
"datePublished": "2025-03-22T00:00:00.000Z",
"dateReserved": "2025-03-22T00:00:00.000Z",
"dateUpdated": "2025-11-03T18:09:02.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-1084 (GCVE-0-2018-1084)
Vulnerability from cvelistv5 – Published: 2018-04-12 17:00 – Updated: 2024-08-05 03:51
VLAI?
Summary
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
Severity ?
7.5 (High)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/103758 | vdb-entryx_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://www.debian.org/security/2018/dsa-4174 | vendor-advisoryx_refsource_DEBIAN |
| https://access.redhat.com/errata/RHSA-2018:1169 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/4000-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://security.gentoo.org/glsa/202107-01 | vendor-advisoryx_refsource_GENTOO |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | corosync |
Affected:
corosync 2.4.4
|
Date Public ?
2018-04-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103758",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103758"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084"
},
{
"name": "DSA-4174",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4174"
},
{
"name": "RHSA-2018:1169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1169"
},
{
"name": "USN-4000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4000-1/"
},
{
"name": "GLSA-202107-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "corosync",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "corosync 2.4.4"
}
]
}
],
"datePublic": "2018-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-03T03:06:21.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "103758",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103758"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084"
},
{
"name": "DSA-4174",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4174"
},
{
"name": "RHSA-2018:1169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1169"
},
{
"name": "USN-4000-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4000-1/"
},
{
"name": "GLSA-202107-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "corosync",
"version": {
"version_data": [
{
"version_value": "corosync 2.4.4"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103758"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084"
},
{
"name": "DSA-4174",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4174"
},
{
"name": "RHSA-2018:1169",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1169"
},
{
"name": "USN-4000-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4000-1/"
},
{
"name": "GLSA-202107-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1084",
"datePublished": "2018-04-12T17:00:00.000Z",
"dateReserved": "2017-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:51:48.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0250 (GCVE-0-2013-0250)
Vulnerability from cvelistv5 – Published: 2014-06-06 14:00 – Updated: 2024-08-06 14:18
VLAI?
Summary
The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/52037 | third-party-advisoryx_refsource_SECUNIA |
| https://github.com/corosync/corosync/commit/b3f45… | x_refsource_CONFIRM |
| http://seclists.org/oss-sec/2013/q1/213 | mailing-listx_refsource_MLIST |
| http://seclists.org/oss-sec/2013/q1/214 | mailing-listx_refsource_MLIST |
| http://seclists.org/oss-sec/2013/q1/212 | mailing-listx_refsource_MLIST |
Date Public ?
2013-02-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52037"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595"
},
{
"name": "[oss-security] 20130201 Re: CVE Request -- Corosync (X \u003c 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q1/213"
},
{
"name": "[oss-security] 20130201 Re: Re: CVE Request -- Corosync (X \u003c 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q1/214"
},
{
"name": "[oss-security] 20130201 CVE Request -- Corosync (X \u003c 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q1/212"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-06T13:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "52037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52037"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595"
},
{
"name": "[oss-security] 20130201 Re: CVE Request -- Corosync (X \u003c 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q1/213"
},
{
"name": "[oss-security] 20130201 Re: Re: CVE Request -- Corosync (X \u003c 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q1/214"
},
{
"name": "[oss-security] 20130201 CVE Request -- Corosync (X \u003c 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q1/212"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52037"
},
{
"name": "https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595",
"refsource": "CONFIRM",
"url": "https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595"
},
{
"name": "[oss-security] 20130201 Re: CVE Request -- Corosync (X \u003c 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/213"
},
{
"name": "[oss-security] 20130201 Re: Re: CVE Request -- Corosync (X \u003c 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/214"
},
{
"name": "[oss-security] 20130201 CVE Request -- Corosync (X \u003c 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/212"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0250",
"datePublished": "2014-06-06T14:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:18:09.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}