Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orftokenendian_convert in exec/totemsrp.c via a large UDP packet.
{ "binaries": [ { "binary_version": "3.0.3-2ubuntu2.2", "binary_name": "corosync" }, { "binary_version": "3.0.3-2ubuntu2.2", "binary_name": "corosync-notifyd" }, { "binary_version": "3.0.3-2ubuntu2.2", "binary_name": "corosync-vqsim" }, { "binary_version": "3.0.3-2ubuntu2.2", "binary_name": "libcfg-dev" }, { "binary_version": "3.0.3-2ubuntu2.2", "binary_name": "libcfg7" }, { "binary_version": "3.0.3-2ubuntu2.2", "binary_name": "libcmap-dev" }, { "binary_version": "3.0.3-2ubuntu2.2", "binary_name": "libcmap4" }, { "binary_version": "3.0.3-2ubuntu2.2", "binary_name": "libcorosync-common-dev" }, { "binary_version": "3.0.3-2ubuntu2.2", "binary_name": "libcorosync-common4" }, { "binary_version": "3.0.3-2ubuntu2.2", "binary_name": "libcpg-dev" }, { "binary_version": "3.0.3-2ubuntu2.2", "binary_name": "libcpg4" }, { "binary_version": "3.0.3-2ubuntu2.2", "binary_name": "libquorum-dev" }, { "binary_version": "3.0.3-2ubuntu2.2", "binary_name": "libquorum5" }, { "binary_version": "3.0.3-2ubuntu2.2", "binary_name": "libsam-dev" }, { "binary_version": "3.0.3-2ubuntu2.2", "binary_name": "libsam4" }, { "binary_version": "3.0.3-2ubuntu2.2", "binary_name": "libvotequorum-dev" }, { "binary_version": "3.0.3-2ubuntu2.2", "binary_name": "libvotequorum8" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "3.1.6-1ubuntu1.1", "binary_name": "corosync" }, { "binary_version": "3.1.6-1ubuntu1.1", "binary_name": "corosync-notifyd" }, { "binary_version": "3.1.6-1ubuntu1.1", "binary_name": "corosync-vqsim" }, { "binary_version": "3.1.6-1ubuntu1.1", "binary_name": "libcfg-dev" }, { "binary_version": "3.1.6-1ubuntu1.1", "binary_name": "libcfg7" }, { "binary_version": "3.1.6-1ubuntu1.1", "binary_name": "libcmap-dev" }, { "binary_version": "3.1.6-1ubuntu1.1", "binary_name": "libcmap4" }, { "binary_version": "3.1.6-1ubuntu1.1", "binary_name": "libcorosync-common-dev" }, { "binary_version": "3.1.6-1ubuntu1.1", "binary_name": "libcorosync-common4" }, { "binary_version": "3.1.6-1ubuntu1.1", "binary_name": "libcpg-dev" }, { "binary_version": "3.1.6-1ubuntu1.1", "binary_name": "libcpg4" }, { "binary_version": "3.1.6-1ubuntu1.1", "binary_name": "libquorum-dev" }, { "binary_version": "3.1.6-1ubuntu1.1", "binary_name": "libquorum5" }, { "binary_version": "3.1.6-1ubuntu1.1", "binary_name": "libsam-dev" }, { "binary_version": "3.1.6-1ubuntu1.1", "binary_name": "libsam4" }, { "binary_version": "3.1.6-1ubuntu1.1", "binary_name": "libvotequorum-dev" }, { "binary_version": "3.1.6-1ubuntu1.1", "binary_name": "libvotequorum8" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "3.1.7-1ubuntu3.1", "binary_name": "corosync" }, { "binary_version": "3.1.7-1ubuntu3.1", "binary_name": "corosync-notifyd" }, { "binary_version": "3.1.7-1ubuntu3.1", "binary_name": "corosync-vqsim" }, { "binary_version": "3.1.7-1ubuntu3.1", "binary_name": "libcfg-dev" }, { "binary_version": "3.1.7-1ubuntu3.1", "binary_name": "libcfg7" }, { "binary_version": "3.1.7-1ubuntu3.1", "binary_name": "libcmap-dev" }, { "binary_version": "3.1.7-1ubuntu3.1", "binary_name": "libcmap4" }, { "binary_version": "3.1.7-1ubuntu3.1", "binary_name": "libcorosync-common-dev" }, { "binary_version": "3.1.7-1ubuntu3.1", "binary_name": "libcorosync-common4" }, { "binary_version": "3.1.7-1ubuntu3.1", "binary_name": "libcpg-dev" }, { "binary_version": "3.1.7-1ubuntu3.1", "binary_name": "libcpg4" }, { "binary_version": "3.1.7-1ubuntu3.1", "binary_name": "libquorum-dev" }, { "binary_version": "3.1.7-1ubuntu3.1", "binary_name": "libquorum5" }, { "binary_version": "3.1.7-1ubuntu3.1", "binary_name": "libsam-dev" }, { "binary_version": "3.1.7-1ubuntu3.1", "binary_name": "libsam4" }, { "binary_version": "3.1.7-1ubuntu3.1", "binary_name": "libvotequorum-dev" }, { "binary_version": "3.1.7-1ubuntu3.1", "binary_name": "libvotequorum8" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "3.1.8-3ubuntu2", "binary_name": "corosync" }, { "binary_version": "3.1.8-3ubuntu2", "binary_name": "corosync-notifyd" }, { "binary_version": "3.1.8-3ubuntu2", "binary_name": "corosync-vqsim" }, { "binary_version": "3.1.8-3ubuntu2", "binary_name": "libcfg-dev" }, { "binary_version": "3.1.8-3ubuntu2", "binary_name": "libcfg7" }, { "binary_version": "3.1.8-3ubuntu2", "binary_name": "libcmap-dev" }, { "binary_version": "3.1.8-3ubuntu2", "binary_name": "libcmap4" }, { "binary_version": "3.1.8-3ubuntu2", "binary_name": "libcorosync-common-dev" }, { "binary_version": "3.1.8-3ubuntu2", "binary_name": "libcorosync-common4" }, { "binary_version": "3.1.8-3ubuntu2", "binary_name": "libcpg-dev" }, { "binary_version": "3.1.8-3ubuntu2", "binary_name": "libcpg4" }, { "binary_version": "3.1.8-3ubuntu2", "binary_name": "libquorum-dev" }, { "binary_version": "3.1.8-3ubuntu2", "binary_name": "libquorum5" }, { "binary_version": "3.1.8-3ubuntu2", "binary_name": "libsam-dev" }, { "binary_version": "3.1.8-3ubuntu2", "binary_name": "libsam4" }, { "binary_version": "3.1.8-3ubuntu2", "binary_name": "libvotequorum-dev" }, { "binary_version": "3.1.8-3ubuntu2", "binary_name": "libvotequorum8" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "corosync" }, { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "corosync-dev" }, { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "corosync-notifyd" }, { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "libcfg-dev" }, { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "libcfg6" }, { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "libcmap-dev" }, { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "libcmap4" }, { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "libcorosync-common-dev" }, { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "libcorosync-common4" }, { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "libcpg-dev" }, { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "libcpg4" }, { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "libquorum-dev" }, { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "libquorum5" }, { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "libsam-dev" }, { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "libsam4" }, { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "libtotem-pg-dev" }, { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "libtotem-pg5" }, { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "libvotequorum-dev" }, { "binary_version": "2.3.5-3ubuntu2.3", "binary_name": "libvotequorum7" } ] }
{ "binaries": [ { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "corosync" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "corosync-dev" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "corosync-notifyd" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "corosync-qdevice" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "corosync-qnetd" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "libcfg-dev" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "libcfg6" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "libcmap-dev" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "libcmap4" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "libcorosync-common-dev" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "libcorosync-common4" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "libcpg-dev" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "libcpg4" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "libquorum-dev" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "libquorum5" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "libsam-dev" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "libsam4" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "libtotem-pg-dev" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "libtotem-pg5" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "libvotequorum-dev" }, { "binary_version": "2.4.3-0ubuntu1.3", "binary_name": "libvotequorum8" } ] }