Search CVE reports
1 – 3 of 3 results
CVE-2025-30472
Medium priority
Some fixes available 5 of 7
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
1 affected package
corosync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
corosync | Fixed | Fixed | Fixed | Needs evaluation |
CVE-2018-1084
Medium priority
Some fixes available 2 of 3
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
1 affected package
corosync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
corosync | — | — | — | Fixed |
CVE-2013-0250
Medium priority
The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet.
1 affected package
corosync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
corosync | — | — | — | — |