NIXPKGS-2026-0943

GitHub issue published on

Permalink CVE-2026-35092

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 8 hours ago by @LeSuisse Activity log

Created automatic suggestion 12 hours ago
@LeSuisse removed package corosync-qdevice 8 hours ago
@LeSuisse accepted 8 hours ago
@LeSuisse published on GitHub 8 hours ago

Corosync: corosync: denial of service via integer overflow in join message validation

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.

References

https://access.redhat.com/security/cve/CVE-2026-35092 x_refsource_REDHATvdb-entry
https://bugzilla.redhat.com/show_bug.cgi?id=2453169
RHBZ#2453814 issue-trackingx_refsource_REDHAT

Affected products

rhcos

corosync

Matching in nixpkgs

pkgs.corosync

Group Communication System with features for implementing high availability within applications

nixos-unstable 3.1.9
- nixpkgs-unstable 3.1.9
- nixos-unstable-small 3.1.9
nixos-25.11 3.1.9
- nixos-25.11-small 3.1.9
- nixpkgs-25.11-darwin 3.1.9

Ignored packages (1)

pkgs.corosync-qdevice

Corosync Cluster Engine Qdevice

nixos-unstable 3.0.4
- nixpkgs-unstable 3.0.4
- nixos-unstable-small 3.0.4

Package maintainers

@ryantm Ryan Mulligan <ryan@ryantm.com>
@montag451 montag451 <montag451@laposte.net>

No upstream fix (2026-04-02)

RH tracking issue: https://bugzilla.redhat.com/show_bug.cgi?id=2453169