ELA-1524-1 corosync security update

stack-based buffer overflow

2025-09-22
Package corosync
Version 2.4.2-3+deb9u2 (stretch), 3.0.1-2+deb10u2 (buster)
Related CVEs CVE-2025-30472


An issue has been found in corosync, a cluster engine daemon and utilities. A stack-based buffer overflow may occur when a large crafted UDP packet is processed and either encryption is disabled or the attacker knows the encryption key.



For Debian 10 buster, these problems have been fixed in version 3.0.1-2+deb10u2.

For Debian 9 stretch, these problems have been fixed in version 2.4.2-3+deb9u2.

We recommend that you upgrade your corosync packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.