oss-sec mailing list archives

CVE-2018-1084 corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function


From: Raphael Sanchez Prudencio <rasanche () redhat com>
Date: Thu, 12 Apr 2018 14:16:48 +0200

Description
===========

An integer overflow leading to an out-of-bounds read was found in
authenticate_nss_2_3() in Corosync. An attacker could craft a malicious
packet that would lead to a denial of service.


Affected versions
=================

All versions of Corosync from 2.0.0 to 2.4.3 are vulnerable.


Patched versions
================

Corosync 2.4.4 includes the patch that fixes this vulnerability.


Credits
=======

This issue was discovered by Citrix Security Response Team.


References
==========

https://github.com/corosync/corosync/commit/fc1d5418533c1faf21616b282c2559bed7d361c4
https://bugzilla.redhat.com/show_bug.cgi?id=1552830

-- 
Raphael Sanchez Prudencio
Red Hat Product Security
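
The bug class named in the description, a length computation that wraps before a read, shown next to a bounds-checked form. This is an added illustration, not Corosync's code and not part of the original message. The packet layout (payload followed by a fixed-size trailing tag), HASH_LEN, the stand-in digest and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASH_LEN 32 /* assumed size of the trailing authentication tag */
/* Stand-in digest (NOT cryptographic) so the example runs offline. */
void toy_digest(const unsigned char *data, unsigned int len, unsigned char *out)
{
    uint32_t h = 2166136261u;
    for (unsigned int i = 0; i < len; i++)
        h = (h ^ data[i]) * 16777619u;
    for (unsigned int i = 0; i < HASH_LEN; i++) {
        h = (h ^ i) * 16777619u;
        out[i] = (unsigned char)(h >> 24);
    }
}

/* Unchecked pattern: a signed length goes negative for short packets and
 * becomes a huge span once handed to a routine taking an unsigned length. */
unsigned int unchecked_span(int buf_len)
{
    int datalen = buf_len - HASH_LEN;
    return (unsigned int)datalen;
}

/* Checked pattern: reject too-short packets before any arithmetic; -1 = rejected. */
int verify_checked(const unsigned char *buf, int buf_len)
{
    unsigned char expect[HASH_LEN];
    if (buf == NULL || buf_len <= HASH_LEN)
        return -1;
    int datalen = buf_len - HASH_LEN;
    toy_digest(buf, (unsigned int)datalen, expect);
    /* Production code should compare tags in constant time. */
    return memcmp(expect, buf + datalen, HASH_LEN) == 0 ? datalen : -1;
}

/* Constructed sample: 5-byte payload followed by its tag. */
int demo_valid_packet(void)
{
    unsigned char pkt[5 + HASH_LEN] = { 'h', 'e', 'l', 'l', 'o' };
    toy_digest(pkt, 5, pkt + 5);
    return verify_checked(pkt, (int)sizeof pkt);
}

int main(void)
{
    printf("short packet span: %u, valid packet: %d\n", unchecked_span(8), demo_valid_packet());
    return 0;
}
```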
