CVSS: 7.5EPSS: 3%CPEs: 5EXPL: 0CVE-2018-1084 – corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function
https://notcve.org/view.php?id=CVE-2018-1084
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. corosync en versiones anteriores a la 2.4.4 es vulnerable a un desbordamiento de enteros en exec/totemcrypto.c. An integer overflow leading to an out-of-bound read was found in authenticate_nss_2_3() in Corosync. An attacker could craft a malicious packet that would lead to a denial of service. • http://www.securityfocus.com/bid/103758 https://access.redhat.com/errata/RHSA-2018:1169 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084 https://security.gentoo.org/glsa/202107-01 https://usn.ubuntu.com/4000-1 https://www.debian.org/security/2018/dsa-4174 https://access.redhat.com/security/cve/CVE-2018-1084 https://bugzilla.redhat.com/show_bug.cgi?id=1552830 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •