Vulnerability Database

315,362

Total vulnerabilities in the database

CVE-2025-30472

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

Published: Mar 22, 2025
Updated: Nov 4, 2025
CVE: CVE-2025-30472
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWEs:

CWE-787
CWE-121

Affected Software
References

Software	From	Fixed in
corosync / corosync	-	3.1.9.x

https://corosync.org
https://github.com/corosync/corosync/blob/73ba225cc48ebb1903897c792065cb5e876613b0/exec/totemsrp.c#L4677
https://github.com/corosync/corosync/issues/778
https://lists.debian.org/debian-lts-announce/2025/09/msg00023.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo