A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents. This vulnerability affects Corosync when running in totemudp/totemudpu mode, which is the default configuration.
2.3.4-0ubuntu1, 2.3.5-3, 2.3.5-3ubuntu1, 2.3.5-3ubuntu2, 2.3.5-3ubuntu2.1, 2.3.5-3ubuntu2.3, 2.4.2-3build1, 2.4.2-3ubuntu1, 2.4.3-0ubuntu1, 2.4.3-0ubuntu1.1, 2.4.3-0ubuntu1.2, 2.4.3-0ubuntu1.3, 3.0.1-2ubuntu1, 3.0.2-1ubuntu1, 3.0.2-1ubuntu2, 3.0.3-2ubuntu1, 3.0.3-2ubuntu2, 3.0.3-2ubuntu2.1, 3.0.3-2ubuntu2.2, 3.1.6-1ubuntu1.2, 3.1.7-1ubuntu3.2, 3.1.9-2ubuntu1.1

Exploitability: AV:N, AC:L, PR:N, UI:N
Scope: S:U
Impact: C:L, I:N, A:H
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H