NIXPKGS-2026-0942

GitHub issue published on

Permalink CVE-2026-35091

8.2 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 8 hours ago by @LeSuisse Activity log

Created automatic suggestion 12 hours ago
@LeSuisse removed package corosync-qdevice 9 hours ago
@LeSuisse accepted 8 hours ago
@LeSuisse published on GitHub 8 hours ago

Corosync: corosync: denial of service and information disclosure via crafted udp packet

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents. This vulnerability affects Corosync when running in totemudp/totemudpu mode, which is the default configuration.

References

https://access.redhat.com/security/cve/CVE-2026-35091 x_refsource_REDHATvdb-entry
https://bugzilla.redhat.com/show_bug.cgi?id=2453169
RHBZ#2453813 issue-trackingx_refsource_REDHAT

Affected products

rhcos

corosync

Matching in nixpkgs

pkgs.corosync

Group Communication System with features for implementing high availability within applications

nixos-unstable 3.1.9
- nixpkgs-unstable 3.1.9
- nixos-unstable-small 3.1.9
nixos-25.11 3.1.9
- nixos-25.11-small 3.1.9
- nixpkgs-25.11-darwin 3.1.9

Ignored packages (1)

pkgs.corosync-qdevice

Corosync Cluster Engine Qdevice

nixos-unstable 3.0.4
- nixpkgs-unstable 3.0.4
- nixos-unstable-small 3.0.4

Package maintainers

@ryantm Ryan Mulligan <ryan@ryantm.com>
@montag451 montag451 <montag451@laposte.net>

No upstream fix (2026-04-02)

RH tracking issue: https://bugzilla.redhat.com/show_bug.cgi?id=2453169