ГлавнаяУязвимости → CVE-2026-35091
8.2высокая

CVE-2026-35091

Описание

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents

Затрагиваемое ПО
Corosync CorosyncRedhat OpenshiftRedhat Enterprise linux
CVSS
Балл8.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Источники
https://access.redhat.com/errata/RHSA-2026:13644https://access.redhat.com/errata/RHSA-2026:13657https://access.redhat.com/errata/RHSA-2026:13673https://access.redhat.com/errata/RHSA-2026:14205https://access.redhat.com/errata/RHSA-2026:14210https://access.redhat.com/errata/RHSA-2026:14211https://access.redhat.com/errata/RHSA-2026:14212https://access.redhat.com/errata/RHSA-2026:14213