CVE-2025-30472

Published: 3/22/2025 Last updated: 11/3/2025 Reserved: 3/22/2025

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	9	Critical	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Opam packages affected (1)

conf-libcorosync

Products affected (1)

Product	Vendor	Version
Corosync	Corosync	9.15.1.17

References (10)

https://github.com/corosync/corosync/blob/73ba225cc48ebb1903897c792065cb5e876613b0/exec/totemsrp.c#L4677
https://github.com/corosync/corosync/issues/778
https://corosync.org
https://github.com/corosync/corosync/issues/778
https://lists.debian.org/debian-lts-announce/2025/09/msg00023.html
https://github.com/corosync/corosync/blob/73ba225cc48ebb1903897c792065cb5e876613b0/exec/totemsrp.c#L4677
https://github.com/corosync/corosync/issues/778
https://corosync.org
https://github.com/corosync/corosync/issues/778
https://lists.debian.org/debian-lts-announce/2025/09/msg00023.html