The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| corosync | corosync | 2.0.2 |
| corosync | corosync | 2.0.0 |
| corosync | corosync | 2.1.1 |
| corosync | corosync | 2.1.0 |
| corosync | corosync | 2.0.1 |
| corosync | corosync | 2.2.0 |
| corosync | corosync | 2.0.3 |
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server | 7.0 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 9.0 |
| corosync | corosync | * |
| canonical | ubuntu_linux | 16.04 |
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 9.0 | CRITICAL | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | 2.2 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| corosync | corosync | * |