ГлавнаяУязвимости → CVE-2026-35092
7.5высокая

CVE-2026-35092

Описание

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.

Затрагиваемое ПО
Corosync CorosyncRedhat OpenshiftRedhat Enterprise linux
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
https://access.redhat.com/errata/RHSA-2026:13644https://access.redhat.com/errata/RHSA-2026:13657https://access.redhat.com/errata/RHSA-2026:13673https://access.redhat.com/errata/RHSA-2026:14205https://access.redhat.com/errata/RHSA-2026:14210https://access.redhat.com/errata/RHSA-2026:14211https://access.redhat.com/errata/RHSA-2026:14212https://access.redhat.com/errata/RHSA-2026:14213