Description
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.
Published: 2026-04-01
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via integer overflow in Corosync
Action: Apply Workaround
AI Analysis

Impact

A flaw in Corosync allows a remote unauthenticated attacker to send crafted UDP packets that trigger an integer overflow during join message sanity validation, causing the Corosync service to crash and resulting in a denial of service. The weakness is an integer overflow (CWE‑190) that can be triggered by malformed totemudp/TOTEMUDPU join messages.

Affected Systems

Red Hat Enterprise Linux 10, 7, 8, and 9, as well as Red Hat OpenShift Container Platform 4, are affected when Corosync is configured to use the totemudp/totemudpu mode. Specific Corosync or OS version numbers are not enumerated in the advisory.

Risk and Exploitability

The CVSS score of 7.5 indicates a medium to high severity level. The EPSS score is less than 1 %, signifying a low probability that this flaw will be exploited, and it does not appear in the CISA KEV catalog. Attackers can exploit the flaw by sending crafted UDP packets to Corosync’s default port 5405; the malformed join messages trigger an integer overflow during validation, causing the service to crash. This denial of service can be repeated until the service is manually restarted, potentially disrupting cluster operations.

Generated by OpenCVE AI on April 7, 2026 at 23:07 UTC.

Remediation

Vendor Workaround

Restrict network access to Corosync cluster communication ports. Configure firewall rules to limit incoming UDP traffic to the Corosync service (default port 5405) to only trusted hosts within the cluster. This will prevent unauthenticated remote attackers from sending crafted packets to exploit the vulnerability. A service restart may be required for firewall changes to take full effect.

OpenCVE Recommended Actions

  • Restrict incoming UDP traffic on Corosync’s port 5405 to only trusted hosts within the cluster using firewall rules.
  • Restart the Corosync service to ensure firewall changes take effect.
  • Monitor system logs for Corosync crash events and verify that the service remains stable.
  • Check for vendor releases that fix the underlying integer overflow and apply the patch when available.
  • Consider segmenting the network or limiting exposure of the Corosync communication interface if possible.

Generated by OpenCVE AI on April 7, 2026 at 23:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8170-1 Corosync vulnerabilities
History

Tue, 05 May 2026 10:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:8::crb
cpe:/a:redhat:enterprise_linux:8::highavailability
cpe:/a:redhat:enterprise_linux:8::resilientstorage
References

Tue, 05 May 2026 10:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.1
References

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Corosync
Corosync corosync
CPEs cpe:2.3:a:corosync:corosync:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products Corosync
Corosync corosync

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Container Platform
Vendors & Products Redhat openshift Container Platform

Thu, 02 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.
Title Corosync: corosync: denial of service via integer overflow in join message validation
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-190
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Corosync Corosync
Redhat Enterprise Linux Openshift Openshift Container Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-05-05T10:22:57.207Z

Reserved: 2026-04-01T11:35:23.146Z

Link: CVE-2026-35092

cve-icon Vulnrichment

Updated: 2026-04-01T13:30:10.667Z

cve-icon NVD

Status : Modified

Published: 2026-04-01T14:16:57.237

Modified: 2026-05-05T11:16:33.240

Link: CVE-2026-35092

cve-icon Redhat

Severity : Important

Publid Date: 2026-04-01T11:48:22Z

Links: CVE-2026-35092 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:59:49Z

Weaknesses