CVE-2025-30472 — Stack-based Buffer Overflow in Corosync

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write7 documents7 sources

Severity

9.8CRITICALNVD

EPSS

0.2%

top 56.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Corosync Debian Corosync

Timeline

PublishedMar 22

Latest updateMar 30

Description

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/corosync< corosync 3.1.7-1+deb12u1 (bookworm)

▶Debiancorosync/corosync< 3.1.2-2+deb11u1+3

▶NVDcorosync/corosync3.1.9

🔴Vulnerability Details

GHSA

GHSA-4q2r-xgxr-vvqm: Corosync through 3↗2025-03-22

▶

OSV

CVE-2025-30472: Corosync through 3↗2025-03-22

▶

📋Vendor Advisories

Ubuntu

Corosync vulnerability↗2025-05-05

▶

Red Hat

corosync: Stack buffer overflow from 'orf_token_endian_convert'↗2025-03-22

▶

Debian

CVE-2025-30472: corosync - Corosync through 3.1.9, if encryption is disabled or the attacker knows the encr...↗2025

▶

💬Community

Bugzilla

corosync: pre-auth OOB read in check_memb_commit_token_sanity + integer overflow in check_memb_join_sanity↗2026-03-30

▶