Vulnerability-Lookup

alsa-2026:13657

Vulnerability from osv_almalinux

Published

2026-05-05 00:00

Modified

2026-05-06 08:44

Summary

Moderate: corosync security update

Details

The corosync packages provide the Corosync Cluster Engine and C APIs for AlmaLinux cluster software.

Security Fix(es):

corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet (CVE-2026-35091)
corosync: Corosync: Denial of Service via integer overflow in join message validation (CVE-2026-35092)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:13657	ADVISORY
	https://access.redhat.com/security/cve/CVE-2026-35091	REPORT
	https://access.redhat.com/security/cve/CVE-2026-35092	REPORT
	https://bugzilla.redhat.com/2453813	REPORT
	https://bugzilla.redhat.com/2453814	REPORT
	https://errata.almalinux.org/8/ALSA-2026-13657.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "corosync"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.8-1.el8_10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "corosync-vqsim"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.8-1.el8_10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "corosynclib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.8-1.el8_10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "corosynclib-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.8-1.el8_10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "spausedd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.8-1.el8_10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The corosync packages provide the Corosync Cluster Engine and C APIs for AlmaLinux cluster software.  \n\nSecurity Fix(es):  \n\n  * corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet (CVE-2026-35091)\n  * corosync: Corosync: Denial of Service via integer overflow in join message validation (CVE-2026-35092)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:13657",
  "modified": "2026-05-06T08:44:52Z",
  "published": "2026-05-05T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:13657"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-35091"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-35092"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453813"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2453814"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2026-13657.html"
    }
  ],
  "related": [
    "CVE-2026-35091",
    "CVE-2026-35092"
  ],
  "summary": "Moderate: corosync security update"
}

CVE-2026-35092 (GCVE-0-2026-35092)

Vulnerability from cvelistv5 – Published: 2026-04-01 13:18 – Updated: 2026-05-06 20:40

Title

Corosync: corosync: denial of service via integer overflow in join message validation

Summary

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2026:13644	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:13657	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:13673	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:14205	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:14210	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:14211	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:14212	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:14213	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:14214	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:14215	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:14216	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2026-35092	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2453169
	https://bugzilla.redhat.com/show_bug.cgi?id=2453814	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 10

Unaffected: 0:3.1.9-2.el10_1.1 , < * (rpm)
cpe:/o:redhat:enterprise_linux:10.1

Red Hat	Red Hat Enterprise Linux 10.0 Extended Update Support	Unaffected: 0:3.1.9-1.el10_0.2 , < * (rpm) cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:3.1.8-1.el8_10.1 , < * (rpm) cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::highavailability cpe:/a:redhat:enterprise_linux:8::resilientstorage
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:3.1.0-3.el8_4.2 , < * (rpm) cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::highavailability cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability
Red Hat	Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	Unaffected: 0:3.1.0-3.el8_4.2 , < * (rpm) cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::highavailability cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:3.1.5-2.el8_6.1 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::highavailability cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::highavailability
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:3.1.5-2.el8_6.1 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::highavailability cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::highavailability
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:3.1.5-2.el8_6.1 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::highavailability cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::highavailability
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	Unaffected: 0:3.1.7-1.el8_8.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::highavailability cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::highavailability
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	Unaffected: 0:3.1.7-1.el8_8.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::highavailability cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::highavailability
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:3.1.9-2.el9_7.1 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::highavailability cpe:/a:redhat:enterprise_linux:9::resilientstorage
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:3.1.5-3.el9_0.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/a:redhat:rhel_e4s:9.0::highavailability cpe:/a:redhat:rhel_e4s:9.0::resilientstorage
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:3.1.7-1.el9_2.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/a:redhat:rhel_e4s:9.2::highavailability cpe:/a:redhat:rhel_e4s:9.2::resilientstorage
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:3.1.8-1.el9_4.1 , < * (rpm) cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb cpe:/a:redhat:rhel_eus:9.4::highavailability cpe:/a:redhat:rhel_eus:9.4::resilientstorage
Red Hat	Red Hat Enterprise Linux 9.6 Extended Update Support	Unaffected: 0:3.1.9-2.el9_6.1 , < * (rpm) cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/a:redhat:rhel_eus:9.6::crb cpe:/a:redhat:rhel_eus:9.6::highavailability cpe:/a:redhat:rhel_eus:9.6::resilientstorage
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Date Public ?

2026-04-01 11:48

Credits

Red Hat would like to thank Sebastián Alba Vives for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35092",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-01T13:29:07.148266Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-01T13:32:35.483Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.9-2.el10_1.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.9-1.el10_0.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/a:redhat:enterprise_linux:8::highavailability",
            "cpe:/a:redhat:enterprise_linux:8::resilientstorage"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.8-1.el8_10.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::highavailability",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.0-3.el8_4.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::highavailability",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.0-3.el8_4.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::highavailability",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::highavailability"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.5-2.el8_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::highavailability",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::highavailability"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.5-2.el8_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::highavailability",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::highavailability"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.5-2.el8_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_e4s:8.8::highavailability",
            "cpe:/a:redhat:rhel_tus:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::highavailability"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.7-1.el8_8.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_e4s:8.8::highavailability",
            "cpe:/a:redhat:rhel_tus:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::highavailability"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.7-1.el8_8.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::highavailability",
            "cpe:/a:redhat:enterprise_linux:9::resilientstorage"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.9-2.el9_7.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream",
            "cpe:/a:redhat:rhel_e4s:9.0::highavailability",
            "cpe:/a:redhat:rhel_e4s:9.0::resilientstorage"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.5-3.el9_0.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream",
            "cpe:/a:redhat:rhel_e4s:9.2::highavailability",
            "cpe:/a:redhat:rhel_e4s:9.2::resilientstorage"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.7-1.el9_2.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream",
            "cpe:/a:redhat:rhel_eus:9.4::crb",
            "cpe:/a:redhat:rhel_eus:9.4::highavailability",
            "cpe:/a:redhat:rhel_eus:9.4::resilientstorage"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.8-1.el9_4.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.6::appstream",
            "cpe:/a:redhat:rhel_eus:9.6::crb",
            "cpe:/a:redhat:rhel_eus:9.6::highavailability",
            "cpe:/a:redhat:rhel_eus:9.6::resilientstorage"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.9-2.el9_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Sebasti\u00e1n Alba Vives for reporting this issue."
        }
      ],
      "datePublic": "2026-04-01T11:48:22.309Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Corosync. An integer overflow vulnerability in Corosync\u0027s join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-06T20:40:46.447Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:13644",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:13644"
        },
        {
          "name": "RHSA-2026:13657",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:13657"
        },
        {
          "name": "RHSA-2026:13673",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:13673"
        },
        {
          "name": "RHSA-2026:14205",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14205"
        },
        {
          "name": "RHSA-2026:14210",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14210"
        },
        {
          "name": "RHSA-2026:14211",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14211"
        },
        {
          "name": "RHSA-2026:14212",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14212"
        },
        {
          "name": "RHSA-2026:14213",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14213"
        },
        {
          "name": "RHSA-2026:14214",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14214"
        },
        {
          "name": "RHSA-2026:14215",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14215"
        },
        {
          "name": "RHSA-2026:14216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14216"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-35092"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453169"
        },
        {
          "name": "RHBZ#2453814",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453814"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-01T11:32:04.388Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-01T11:48:22.309Z",
          "value": "Made public."
        }
      ],
      "title": "Corosync: corosync: denial of service via integer overflow in join message validation",
      "workarounds": [
        {
          "lang": "en",
          "value": "Restrict network access to Corosync cluster communication ports. Configure firewall rules to limit incoming UDP traffic to the Corosync service (default port 5405) to only trusted hosts within the cluster. This will prevent unauthenticated remote attackers from sending crafted packets to exploit the vulnerability. A service restart may be required for firewall changes to take full effect."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-35092",
    "datePublished": "2026-04-01T13:18:55.551Z",
    "dateReserved": "2026-04-01T11:35:23.146Z",
    "dateUpdated": "2026-05-06T20:40:46.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-35091 (GCVE-0-2026-35091)

Vulnerability from cvelistv5 – Published: 2026-04-01 13:18 – Updated: 2026-05-06 20:40

Title

Corosync: corosync: denial of service and information disclosure via crafted udp packet

Summary

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents. This vulnerability affects Corosync when running in totemudp/totemudpu mode, which is the default configuration.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE

CWE-253 - Incorrect Check of Function Return Value

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2026:13644	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:13657	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:13673	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:14205	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:14210	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:14211	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:14212	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:14213	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:14214	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:14215	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:14216	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2026-35091	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2453169
	https://bugzilla.redhat.com/show_bug.cgi?id=2453813	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 10

Unaffected: 0:3.1.9-2.el10_1.1 , < * (rpm)
cpe:/o:redhat:enterprise_linux:10.1

Red Hat	Red Hat Enterprise Linux 10.0 Extended Update Support	Unaffected: 0:3.1.9-1.el10_0.2 , < * (rpm) cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:3.1.8-1.el8_10.1 , < * (rpm) cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::highavailability cpe:/a:redhat:enterprise_linux:8::resilientstorage
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:3.1.0-3.el8_4.2 , < * (rpm) cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::highavailability cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability
Red Hat	Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	Unaffected: 0:3.1.0-3.el8_4.2 , < * (rpm) cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::highavailability cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:3.1.5-2.el8_6.1 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::highavailability cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::highavailability
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:3.1.5-2.el8_6.1 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::highavailability cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::highavailability
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:3.1.5-2.el8_6.1 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::highavailability cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::highavailability
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	Unaffected: 0:3.1.7-1.el8_8.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::highavailability cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::highavailability
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	Unaffected: 0:3.1.7-1.el8_8.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::highavailability cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::highavailability
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:3.1.9-2.el9_7.1 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::highavailability cpe:/a:redhat:enterprise_linux:9::resilientstorage
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:3.1.5-3.el9_0.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/a:redhat:rhel_e4s:9.0::highavailability cpe:/a:redhat:rhel_e4s:9.0::resilientstorage
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:3.1.7-1.el9_2.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/a:redhat:rhel_e4s:9.2::highavailability cpe:/a:redhat:rhel_e4s:9.2::resilientstorage
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:3.1.8-1.el9_4.1 , < * (rpm) cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb cpe:/a:redhat:rhel_eus:9.4::highavailability cpe:/a:redhat:rhel_eus:9.4::resilientstorage
Red Hat	Red Hat Enterprise Linux 9.6 Extended Update Support	Unaffected: 0:3.1.9-2.el9_6.1 , < * (rpm) cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/a:redhat:rhel_eus:9.6::crb cpe:/a:redhat:rhel_eus:9.6::highavailability cpe:/a:redhat:rhel_eus:9.6::resilientstorage
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Date Public ?

2026-04-01 11:48

Credits

Red Hat would like to thank Sebastián Alba Vives for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35091",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-01T20:28:59.762709Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-01T20:29:55.615Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.9-2.el10_1.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.9-1.el10_0.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/a:redhat:enterprise_linux:8::highavailability",
            "cpe:/a:redhat:enterprise_linux:8::resilientstorage"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.8-1.el8_10.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::highavailability",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.0-3.el8_4.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::highavailability",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::highavailability"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.0-3.el8_4.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::highavailability",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::highavailability"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.5-2.el8_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::highavailability",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::highavailability"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.5-2.el8_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::highavailability",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::highavailability"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.5-2.el8_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_e4s:8.8::highavailability",
            "cpe:/a:redhat:rhel_tus:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::highavailability"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.7-1.el8_8.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_e4s:8.8::highavailability",
            "cpe:/a:redhat:rhel_tus:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::highavailability"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.7-1.el8_8.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::highavailability",
            "cpe:/a:redhat:enterprise_linux:9::resilientstorage"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.9-2.el9_7.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream",
            "cpe:/a:redhat:rhel_e4s:9.0::highavailability",
            "cpe:/a:redhat:rhel_e4s:9.0::resilientstorage"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.5-3.el9_0.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream",
            "cpe:/a:redhat:rhel_e4s:9.2::highavailability",
            "cpe:/a:redhat:rhel_e4s:9.2::resilientstorage"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.7-1.el9_2.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream",
            "cpe:/a:redhat:rhel_eus:9.4::crb",
            "cpe:/a:redhat:rhel_eus:9.4::highavailability",
            "cpe:/a:redhat:rhel_eus:9.4::resilientstorage"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.8-1.el9_4.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.6::appstream",
            "cpe:/a:redhat:rhel_eus:9.6::crb",
            "cpe:/a:redhat:rhel_eus:9.6::highavailability",
            "cpe:/a:redhat:rhel_eus:9.6::resilientstorage"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.9-2.el9_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "corosync",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Sebasti\u00e1n Alba Vives for reporting this issue."
        }
      ],
      "datePublic": "2026-04-01T11:48:13.254Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents. This vulnerability affects Corosync when running in totemudp/totemudpu mode, which is the default configuration."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-253",
              "description": "Incorrect Check of Function Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-06T20:40:45.680Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:13644",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:13644"
        },
        {
          "name": "RHSA-2026:13657",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:13657"
        },
        {
          "name": "RHSA-2026:13673",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:13673"
        },
        {
          "name": "RHSA-2026:14205",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14205"
        },
        {
          "name": "RHSA-2026:14210",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14210"
        },
        {
          "name": "RHSA-2026:14211",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14211"
        },
        {
          "name": "RHSA-2026:14212",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14212"
        },
        {
          "name": "RHSA-2026:14213",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14213"
        },
        {
          "name": "RHSA-2026:14214",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14214"
        },
        {
          "name": "RHSA-2026:14215",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14215"
        },
        {
          "name": "RHSA-2026:14216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14216"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-35091"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453169"
        },
        {
          "name": "RHBZ#2453813",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453813"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-01T11:31:01.742Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-01T11:48:13.254Z",
          "value": "Made public."
        }
      ],
      "title": "Corosync: corosync: denial of service and information disclosure via crafted udp packet",
      "workarounds": [
        {
          "lang": "en",
          "value": "Systems using totemudp or totemudpu should migrate to the supported knet transport and enable encryption.\n\nDisabling the Corosync service is a valid workaround if clustering is not required, but for active clusters, enabling encryption via knet is the preferred and recommended approach."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-253: Incorrect Check of Function Return Value"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-35091",
    "datePublished": "2026-04-01T13:18:53.738Z",
    "dateReserved": "2026-04-01T11:35:23.145Z",
    "dateUpdated": "2026-05-06T20:40:45.680Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2026:13657

Vulnerability from osv_almalinux

CVE-2026-35092 (GCVE-0-2026-35092)

CVE-2026-35091 (GCVE-0-2026-35091)

Tags

Sightings

Nomenclature