Date: Thu, 12 Apr 2018 14:16:48 +0200
From: Raphael Sanchez Prudencio
Subject: CVE-2018-1084 corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3()


An integer overflow leading to an out-of-bounds read was found in
authenticate_nss_2_3() in Corosync. An attacker could craft a malicious
packet that would lead to a denial of service.

Affected versions

All versions of Corosync from 2.0.0 to 2.4.3 are vulnerable.

Patched versions

Corosync 2.4.4 includes the patch that fixes this vulnerability.


This issue was discovered by Citrix Security Response Team.


Raphael Sanchez Prudencio
Red Hat Product Security
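
The advisory does not show the affected code. The following is an added illustration of the bug class it names (an integer overflow in a packet length calculation that leads to an out-of-bounds read) next to the bounds check that prevents it; it is not Corosync's code. `TAG_LEN`, `toy_tag`, `payload_len_unchecked` and `authenticate_packet` are hypothetical names, and the non-cryptographic tag function only stands in for a keyed hash.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_LEN 8u  /* assumed size of the authentication tag trailing each packet */

/* Stand-in for a keyed hash (NOT cryptographic): folds the payload into TAG_LEN bytes. */
static void toy_tag(const uint8_t *data, size_t len, uint8_t key, uint8_t out[TAG_LEN])
{
    memset(out, key, TAG_LEN);
    for (size_t i = 0; i < len; i++)
        out[i % TAG_LEN] ^= (uint8_t)(data[i] + i);
}

/* Vulnerable pattern: unsigned subtraction with no lower bound.
 * For buf_len < TAG_LEN the result wraps to a huge value, so hashing
 * "payload_len" bytes afterwards would read far past the packet buffer. */
static size_t payload_len_unchecked(size_t buf_len)
{
    return buf_len - TAG_LEN;
}

/* Hardened pattern: reject short packets before subtracting.
 * Returns 0 on success, -1 on a short packet, -2 on a tag mismatch. */
static int authenticate_packet(const uint8_t *buf, size_t buf_len, uint8_t key,
                               size_t *payload_len)
{
    uint8_t tag[TAG_LEN], diff = 0;

    if (buf == NULL || buf_len < TAG_LEN)
        return -1;
    size_t datalen = buf_len - TAG_LEN;      /* cannot wrap after the check */
    toy_tag(buf, datalen, key, tag);
    for (size_t i = 0; i < TAG_LEN; i++)     /* compare without early exit */
        diff |= (uint8_t)(tag[i] ^ buf[datalen + i]);
    if (diff != 0)
        return -2;
    *payload_len = datalen;
    return 0;
}

int main(void)
{
    uint8_t pkt[4 + TAG_LEN] = { 'p', 'i', 'n', 'g' };  /* constructed sample packet */
    size_t n = 0;
    toy_tag(pkt, 4, 0x5a, pkt + 4);
    printf("full=%d short=%d\n", authenticate_packet(pkt, sizeof pkt, 0x5a, &n),
           authenticate_packet(pkt, 3, 0x5a, &n));
    printf("unchecked length for a 3-byte packet: %zu\n", payload_len_unchecked(3));
    return 0;
}
```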
