CVE-2025-30472 Information

Description

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

Reference

https://corosync.org
https://github.com/corosync/corosync/blob/73ba225cc48ebb1903897c792065cb5e876613b0/exec/totemsrp.c#L4677
https://github.com/corosync/corosync/issues/778
