CVE-2013-0250

The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
corosynccorosync
2.0.0
corosynccorosync
2.0.1
corosynccorosync
2.0.2
corosynccorosync
2.0.3
corosynccorosync
2.1.0
corosynccorosync
2.1.1
corosynccorosync
2.2.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
corosync
bullseye
3.1.2-2
fixed
bookworm
3.1.7-1
fixed
sid
3.1.8-3
fixed
trixie
3.1.8-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
corosync
quantal
not-affected
precise
not-affected
oneiric
not-affected
lucid
not-affected
hardy
dne
References
http://seclists.org/oss-sec/2013/q1/212
http://seclists.org/oss-sec/2013/q1/213
http://seclists.org/oss-sec/2013/q1/214
http://secunia.com/advisories/52037
https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595
http://seclists.org/oss-sec/2013/q1/212
http://seclists.org/oss-sec/2013/q1/213
http://seclists.org/oss-sec/2013/q1/214
http://secunia.com/advisories/52037
https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595