#VU106058 Stack-based buffer overflow in corosync - CVE-2025-30472
Vulnerability identifier: #VU106058
Vulnerability risk: Medium
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-121
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
corosync
Server applications /
Frameworks for developing and running applications
Vendor: corosync
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in orf_token_endian_convert() function in exec/totemsrp.c. A remote attacker can send an overly large UDP packet to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability requires that encryption is disabled.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
corosync: 0.90 - 3.1.9
External links
https://github.com/corosync/corosync/blob/73ba225cc48ebb1903897c792065cb5e876613b0/exec/totemsrp.c#L4677
https://github.com/corosync/corosync/issues/778
https://github.com/advisories/GHSA-4q2r-xgxr-vvqm
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
