Astra Linux - уязвимость в corosync

Corosync versions up to 3.1.9 suffer from a stack-based buffer overflow in the orftokenendianconvert function, in the exec/totemsrp.c file. This vulnerability exists when encryption is disabled or if the attacker knows the encryption key. The issue is caused by a large UDP packet...

Astra Linux - уязвимость в corosync

The vulnerability of the coroparse.c component of the Corosync cluster engine is related to the improper release of memory before deleting the last reference. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

Linux Distros Unpatched Vulnerability : CVE-2026-35091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity...

EUVD-2026-17879

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol UDP packet. This can lead to an out-of-bounds read, causing a denial of service...

CVE-2026-35091

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol UDP packet. This can lead to an out-of-bounds read, causing a denial of service...

CVE-2025-30472

A flaw was found in Corosync. In affected versions, a stack-based buffer overflow may be triggered via a large UDP packet in configurations where encryption is disabled or if an attacker knows the encryption key. This issue can lead to an application crash or other undefined behavior. Mitigation ...