HIGH | CVE-2026-35092 | CNA: redhat

CVE-2026-35092: Corosync: corosync: denial of service via integer overflow in join message validation

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.

Metrics

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: 0:2.4.5-7.el7_9.3
Affected Products: 19

Fix available: 0:2.4.5-7.el7_9.3, 0:3.1.0-3.el8_4.2, 0:3.1.5-2.el8_6.1, 0:3.1.5-3.el9_0.1, 0:3.1.7-1.el8_8.1, 0:3.1.7-1.el9_2.1, 0:3.1.8-1.el8_10.1, 0:3.1.8-1.el9_4.1, 0:3.1.9-1.el10_0.2, 0:3.1.9-2.el10_1.1, 0:3.1.9-2.el9_6.1, 0:3.1.9-2.el9_7.1, 0:3.1.10-1.el10_2.1, 0:3.1.10-1.el9_8.1

Affected packages
  • Red Hat / Red Hat Enterprise Linux 10
    Fixed in 0:3.1.9-2.el10_1.1
  • Red Hat / Red Hat Enterprise Linux 10
    Fixed in 0:3.1.10-1.el10_2.1
  • Red Hat / Red Hat Enterprise Linux 10.0 Extended Update Support
    Fixed in 0:3.1.9-1.el10_0.2
  • Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support
    Fixed in 0:2.4.5-7.el7_9.3
  • Red Hat / Red Hat Enterprise Linux 8
    Fixed in 0:3.1.8-1.el8_10.1
  • Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
    Fixed in 0:3.1.0-3.el8_4.2
  • Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
    Fixed in 0:3.1.0-3.el8_4.2
  • Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
    Fixed in 0:3.1.5-2.el8_6.1
  • Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
    Fixed in 0:3.1.5-2.el8_6.1
  • Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
    Fixed in 0:3.1.5-2.el8_6.1
  • Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
    Fixed in 0:3.1.7-1.el8_8.1
  • Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
    Fixed in 0:3.1.7-1.el8_8.1
  • Red Hat / Red Hat Enterprise Linux 9
    Fixed in 0:3.1.9-2.el9_7.1
  • Red Hat / Red Hat Enterprise Linux 9
    Fixed in 0:3.1.10-1.el9_8.1
  • Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
    Fixed in 0:3.1.5-3.el9_0.1
  • Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
    Fixed in 0:3.1.7-1.el9_2.1
  • Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
    Fixed in 0:3.1.8-1.el9_4.1
  • Red Hat / Red Hat Enterprise Linux 9.6 Extended Update Support
    Fixed in 0:3.1.9-2.el9_6.1
  • Red Hat / Red Hat OpenShift Container Platform 4

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H