INFSA-2025:7201: corosync security update
Information about definition
Identifier: INFSA-2025:7201
Type: security
Release date: 2025-06-10 09:10:16 UTC
Information about package
The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software.
Vulnerabilities description
- CVE-2025-30472
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2025-30472 | no information | 6.6 | no information |
Updated packages