CVE-2026-35092

EUVD-2026-17881
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score percentile: 50%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| corosync | corosync | - |
| redhat | openshift | 4.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
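Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| corosync | bionic | needs-triage |
| corosync | focal | needs-triage |
| corosync | jammy | Fixed 3.1.6-1ubuntu1.2 (released) |
| corosync | noble | Fixed 3.1.7-1ubuntu3.2 (released) |
| corosync | questing | Fixed 3.1.9-2ubuntu1.1 (released) |
| corosync | resolute | not-affected |
| corosync | xenial | needs-triage |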
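Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| corosync | RHEL 8 | 0:3.1.8-1.el8_10.1 | fixed |
| corosync | RHEL 8.4 AUS | 0:3.1.0-3.el8_4.2 | fixed |
| corosync | RHEL 8.6 E4S | 0:3.1.5-2.el8_6.1 | fixed |
| corosync | RHEL 8.6 TUS | 0:3.1.5-2.el8_6.1 | fixed |
| corosync | RHEL 8.8 E4S | 0:3.1.7-1.el8_8.1 | fixed |
| corosync | RHEL 8.8 TUS | 0:3.1.7-1.el8_8.1 | fixed |
| corosync | RHEL 9 | 0:3.1.9-2.el9_7.1 | fixed |
| corosync-vqsim | RHEL 8 | 0:3.1.8-1.el8_10.1 | fixed |
| corosync-vqsim | RHEL 9 | 0:3.1.9-2.el9_7.1 | fixed |
| corosynclib | RHEL 8 | 0:3.1.8-1.el8_10.1 | fixed |
| corosynclib | RHEL 8.4 AUS | 0:3.1.0-3.el8_4.2 | fixed |
| corosynclib | RHEL 8.6 E4S | 0:3.1.5-2.el8_6.1 | fixed |
| corosynclib | RHEL 8.6 TUS | 0:3.1.5-2.el8_6.1 | fixed |
| corosynclib | RHEL 8.8 E4S | 0:3.1.7-1.el8_8.1 | fixed |
| corosynclib | RHEL 8.8 TUS | 0:3.1.7-1.el8_8.1 | fixed |
| corosynclib | RHEL 9 | 0:3.1.9-2.el9_7.1 | fixed |
| corosynclib-devel | RHEL 8 | 0:3.1.8-1.el8_10.1 | fixed |
| corosynclib-devel | RHEL 8.4 AUS | 0:3.1.0-3.el8_4.2 | fixed |
| corosynclib-devel | RHEL 8.6 E4S | 0:3.1.5-2.el8_6.1 | fixed |
| corosynclib-devel | RHEL 8.6 TUS | 0:3.1.5-2.el8_6.1 | fixed |
| corosynclib-devel | RHEL 8.8 E4S | 0:3.1.7-1.el8_8.1 | fixed |
| corosynclib-devel | RHEL 8.8 TUS | 0:3.1.7-1.el8_8.1 | fixed |
| corosynclib-devel | RHEL 9 | 0:3.1.9-2.el9_7.1 | fixed |
| spausedd | RHEL 8 | 0:3.1.8-1.el8_10.1 | fixed |
| spausedd | RHEL 8.4 AUS | 0:3.1.0-3.el8_4.2 | fixed |
| spausedd | RHEL 8.6 E4S | 0:3.1.5-2.el8_6.1 | fixed |
| spausedd | RHEL 8.6 TUS | 0:3.1.5-2.el8_6.1 | fixed |
| spausedd | RHEL 8.8 E4S | 0:3.1.7-1.el8_8.1 | fixed |
| spausedd | RHEL 8.8 TUS | 0:3.1.7-1.el8_8.1 | fixed |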