Bug 2354229 (CVE-2025-30472)

Summary: CVE-2025-30472 corosync: Stack buffer overflow from 'orf_token_endian_convert'
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: eglynn, jjoyce, jschluet, lhh, lsvaty, mburns, mgarciac, pgrist
Keywords: Security
Hardware: All
OS: Linux
Doc Text:
A flaw was found in Corosync. In affected versions, a stack-based buffer overflow in orf_token_endian_convert (exec/totemsrp.c) can be triggered by a large UDP packet when totem encryption is disabled, or by an attacker who knows the encryption key. This issue can lead to an application crash or other undefined behavior. With encryption off, the overflow is reachable by any host that can deliver totem traffic to a node, so besides applying the fixed packages, verify that crypto_cipher and crypto_hash in the totem section of corosync.conf are both set to something other than none and that the totem UDP port is not reachable from untrusted networks.
Bug Depends On: 2354381, 2354382, 2354383, 2354384

Description OSIDB Bzimport 2025-03-22 02:01:07 UTC
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
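The bug class named in the description, as an added example that is not corosync's code: a peer-supplied entry count drives a per-entry endian-conversion loop into a fixed-size buffer, so a packet carrying more entries than the buffer holds writes past its end. The wire layout, the sizes RTR_LIST_MAX and TOKEN_CAP, and the functions convert_unchecked, convert_checked, build_packet and the demo_* helpers are all assumptions made for this illustration, not the layout or code in exec/totemsrp.c. The "stack buffer" is modelled as the first TOKEN_CAP bytes of a larger canary-filled arena so the overrun can be measured rather than crash the process.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed, illustrative sizes (not corosync's): an 8-byte header followed
 * by room for RTR_LIST_MAX 4-byte entries, i.e. the fixed buffer modelled. */
#define RTR_LIST_MAX 8
#define TOKEN_CAP    (8 + 4 * RTR_LIST_MAX)
#define CANARY       0xAA

/* Assumed big-endian wire layout: uint32 seq, uint32 rtr_list_entries,
 * then rtr_list_entries x uint32. The converted copy is in host order. */
static uint32_t rd32be(const unsigned char *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
           (uint32_t)p[2] << 8  | (uint32_t)p[3];
}

static void wr32be(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}

static void wr32host(unsigned char *p, uint32_t v) { memcpy(p, &v, sizeof v); }

/* Vulnerable pattern: the loop bound is the count read from the packet;
 * neither the received length nor the destination size is consulted.
 * Returns the number of bytes written. */
size_t convert_unchecked(const unsigned char *in, unsigned char *out)
{
    uint32_t n = rd32be(in + 4);

    wr32host(out, rd32be(in));
    wr32host(out + 4, n);
    for (uint32_t i = 0; i < n; i++)
        wr32host(out + 8 + 4 * (size_t)i, rd32be(in + 8 + 4 * (size_t)i));
    return 8 + 4 * (size_t)n;
}

/* Hardened form: the count must be backed by bytes actually received and
 * must fit the destination. Returns bytes written, or 0 if rejected. */
size_t convert_checked(const unsigned char *in, size_t in_len,
                       unsigned char *out, size_t out_cap)
{
    if (in_len < 8)
        return 0;
    uint32_t n = rd32be(in + 4);
    if (n > RTR_LIST_MAX)                 /* would overrun the entry array */
        return 0;
    if ((size_t)n > (in_len - 8) / 4)     /* claims more than was received */
        return 0;
    if (8 + 4 * (size_t)n > out_cap)      /* destination too small */
        return 0;
    return convert_unchecked(in, out);    /* n is now bounded */
}

/* Constructed packet with n entries; seq and entry values are arbitrary.
 * Returns the packet length. */
size_t build_packet(unsigned char *pkt, uint32_t n)
{
    wr32be(pkt, 0x01020304);
    wr32be(pkt + 4, n);
    for (uint32_t i = 0; i < n; i++)
        wr32be(pkt + 8 + 4 * (size_t)i, i + 1);
    return 8 + 4 * (size_t)n;
}

/* Oversized packet (4 entries beyond capacity) through the unchecked
 * converter; returns how many canary bytes past TOKEN_CAP were clobbered. */
size_t demo_overrun_bytes(void)
{
    unsigned char pkt[256], arena[TOKEN_CAP + 64];
    size_t clobbered = 0;

    build_packet(pkt, RTR_LIST_MAX + 4);
    memset(arena, CANARY, sizeof arena);
    convert_unchecked(pkt, arena);
    for (size_t i = TOKEN_CAP; i < sizeof arena; i++)
        if (arena[i] != CANARY)
            clobbered++;
    return clobbered;                     /* 4 entries x 4 bytes = 16 */
}

/* The same oversized packet is rejected by the checked converter. */
size_t demo_checked_rejects(void)
{
    unsigned char pkt[256], token[TOKEN_CAP];
    size_t len = build_packet(pkt, RTR_LIST_MAX + 4);
    return convert_checked(pkt, len, token, sizeof token);
}

/* A count that fits but exceeds the bytes received (truncated packet)
 * is rejected too, so the read side cannot run past the datagram. */
size_t demo_checked_rejects_short(void)
{
    unsigned char pkt[256], token[TOKEN_CAP];
    size_t len = build_packet(pkt, 3);
    return convert_checked(pkt, len - 4, token, sizeof token);
}

/* A well-formed 3-entry packet is accepted: 8 + 3 * 4 = 20 bytes. */
size_t demo_checked_accepts(void)
{
    unsigned char pkt[256], token[TOKEN_CAP];
    size_t len = build_packet(pkt, 3);
    return convert_checked(pkt, len, token, sizeof token);
}

int main(void)
{
    printf("unchecked, oversized: %zu bytes written past the buffer\n", demo_overrun_bytes());
    printf("checked, oversized:   %zu bytes written (0 = rejected)\n", demo_checked_rejects());
    printf("checked, truncated:   %zu bytes written (0 = rejected)\n", demo_checked_rejects_short());
    printf("checked, well-formed: %zu bytes written\n", demo_checked_accepts());
    return 0;
}
```

Build with `cc -Wall -O2 demo.c -o demo && ./demo`. The point of the checked variant is that the peer-controlled count is tied to both the datagram length and the destination capacity before the conversion loop starts; checking only one of the two leaves either an out-of-bounds read (short packet, large count) or the stack write this bug describes (long packet, count larger than the buffer).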

Comment 3 errata-xmlrpc 2025-05-13 10:20:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:7201 https://access.redhat.com/errata/RHSA-2025:7201

Comment 4 errata-xmlrpc 2025-05-13 15:57:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:7478 https://access.redhat.com/errata/RHSA-2025:7478