INFSA-2025:7478: corosync security update
Information about definition
Identifier: INFSA-2025:7478
Type: security
Release date: 2025-07-15 19:24:26 UTC
Information about package
The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software.
Vulnerabilities description
- CVE-2025-30472
A flaw was found in Corosync. In affected versions, a stack-based buffer overflow may be triggered via a large UDP packet in configurations where encryption is disabled or if an attacker knows the encryption key. This issue can lead to an application crash or other undefined behavior.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2025-30472 | no information | 6.6 | no information |
Updated packages