UNKNOWNCVE-2026-35091

Corosync: corosync: denial of service and information disclosure via crafted udp packet

Platform

linux

Component

corosync

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents. This vulnerability affects Corosync when running in totemudp/totemudpu mode, which is the default configuration.

How to fix

Actualice Corosync a la última versión disponible proporcionada por Red Hat. Esto solucionará la vulnerabilidad de lectura fuera de límites causada por paquetes UDP manipulados. Consulte las notas de la versión para obtener instrucciones específicas de actualización.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free