CVE-2026-35092: Corosync DoS Vulnerability in Totem UDP Mode
Platform: linux
Component: corosync
Fixed in: 2.5.4
CVE-2026-35092 describes a denial-of-service (DoS) vulnerability found in Corosync. Specifically, an integer overflow in the join message validation allows unauthenticated attackers to send crafted UDP packets, crashing the service. This issue affects Corosync deployments using totemudp/totemudpu mode. Currently, there is no official patch available to address this vulnerability.
How to fix
No official patch available. Check for workarounds or monitor for updates.
Frequently asked questions
What is CVE-2026-35092?
CVE-2026-35092 is a denial-of-service (DoS) vulnerability in Corosync that allows remote attackers to crash the service by sending crafted UDP packets.
Am I affected by CVE-2026-35092?
You are affected if you are using Corosync configured with totemudp or totemudpu mode. This configuration is vulnerable to crafted UDP packets causing a denial of service.
How do I fix or mitigate CVE-2026-35092?
Currently, there is no official patch available. Mitigation strategies may include network-level restrictions to limit UDP traffic from untrusted sources to your Corosync cluster.
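The exposure check and allowlist inputs described in the two answers above, as an added example (not part of the original advisory or Corosync's own code). It reads a corosync.conf, reports whether `totem.transport` selects one of the affected modes, and lists the peer addresses and UDP port that a network-level restriction would need to permit. The sample config is constructed; the `udp`/`udpu` transport values and the 5405 default port are assumptions taken from Corosync's configuration format, not from this page.

```python
import re

# Constructed sample corosync.conf for illustration (not from the advisory).
SAMPLE_CONF = """
totem {
    transport: udpu
    interface {
        mcastport: 5405
    }
}
nodelist {
    node {
        ring0_addr: 192.0.2.11
    }
    node {
        ring0_addr: 192.0.2.12
    }
}
"""

def parse_conf(text):
    """Flatten the nested 'section { key: value }' format into (path, value) pairs."""
    path, pairs = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            path.append(line[:-1].strip())
        elif line == "}" and path:
            path.pop()
        elif ":" in line:
            key, value = line.split(":", 1)  # split once so IPv6 values survive
            pairs.append((".".join(path + [key.strip()]), value.strip()))
    return pairs

def assess(text):
    """Report transport, exposure, and the peers/ports an allowlist must cover."""
    pairs = parse_conf(text)
    transport = next((v.lower() for k, v in pairs if k == "totem.transport"), None)
    # Assumption: an unset transport falls back to the version default
    # (udp on 2.x, knet on 3.x), so it is reported as None = check manually.
    affected = None if transport is None else transport in ("udp", "udpu")
    peers = sorted(v for k, v in pairs if re.fullmatch(r"nodelist\.node\.ring\d+_addr", k))
    ports = sorted({int(v) for k, v in pairs if k == "totem.interface.mcastport"}) or [5405]
    return {"transport": transport, "affected": affected, "peers": peers, "udp_ports": ports}

if __name__ == "__main__":
    print(assess(SAMPLE_CONF))
```

On a cluster node, pass the contents of the real configuration file to `assess()`; any UDP source outside the returned `peers` list is a candidate for blocking on the listed ports.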