Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

corosync

Source -

CNANVD

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

5
Related CVEsRelated VendorsRelated AssignersReports
5Vulnerabilities found
CVE-2026-35092
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 58.78%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 13:18
Updated-29 May, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Corosync: corosync: denial of service via integer overflow in join message validation

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.

Action-Not Available
Vendor-corosyncRed Hat, Inc.
Product-enterprise_linuxopenshiftcorosyncRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-35091
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-8.2||HIGH
EPSS-0.28% / 52.06%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 13:18
Updated-29 May, 2026 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Corosync: corosync: denial of service and information disclosure via crafted udp packet

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents

Action-Not Available
Vendor-corosyncRed Hat, Inc.
Product-enterprise_linuxopenshiftcorosyncRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
CWE ID-CWE-253
Incorrect Check of Function Return Value
CVE-2025-30472
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9||CRITICAL
EPSS-0.16% / 36.31%
||
7 Day CHG~0.00%
Published-22 Mar, 2025 | 00:00
Updated-03 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

Action-Not Available
Vendor-corosyncCorosync
Product-corosyncCorosync
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-1084
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 54.67%
||
7 Day CHG~0.00%
Published-12 Apr, 2018 | 17:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.

Action-Not Available
Vendor-corosyncunspecifiedCanonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxcorosynccorosync
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2013-0250
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.94% / 76.66%
||
7 Day CHG~0.00%
Published-06 Jun, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet.

Action-Not Available
Vendor-corosyncn/a
Product-corosyncn/a