openEuler update for corosync

1) Stack-based buffer overflow

EUVDB-ID: #VU106058

Risk: Medium

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-30472

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary error in orf_token_endian_convert() function in exec/totemsrp.c. A remote attacker can send an overly large UDP packet to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability requires that encryption is disabled.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

corosynclib-devel: before 3.1.5-2

corosynclib: before 3.1.5-2

corosync-vqsim: before 3.1.5-2

corosync-debugsource: before 3.1.5-2

corosync-debuginfo: before 3.1.5-2

corosync: before 3.1.5-2

CPE2.3

• cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:o:openeuler:corosynclib-devel:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:corosynclib:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:corosync-vqsim:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:corosync-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:corosync-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:o:openeuler:corosync:*:*:*:*:*:openeuler:*:*

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1365

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.