USN-7478-1
- Source
- https://ubuntu.com/security/notices/USN-7478-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7478-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-7478-1
- Upstream
- Related
- Published
- 2025-05-05T12:05:14.377146Z
- Modified
- 2025-10-13T04:41:07Z
- Summary
- corosync vulnerability
- Details
-
It was discovered that Corosync incorrectly handled certain large UDP packets. If encryption is disabled, or an attacker knows the encryption key, this issue could be used to cause Corosync to crash, resulting in a denial of service.
- References
Affected packages
Ubuntu:20.04:LTS / corosync
Package
- Name
- corosync
- Purl
- pkg:deb/ubuntu/corosync@3.0.3-2ubuntu2.2?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.3-2ubuntu2.2
Affected versions
3.*
3.0.1-2ubuntu1
3.0.2-1ubuntu1
3.0.2-1ubuntu2
3.0.3-2ubuntu1
3.0.3-2ubuntu2
3.0.3-2ubuntu2.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.0.3-2ubuntu2.2",
"binary_name": "corosync"
},
{
"binary_version": "3.0.3-2ubuntu2.2",
"binary_name": "corosync-notifyd"
},
{
"binary_version": "3.0.3-2ubuntu2.2",
"binary_name": "corosync-vqsim"
},
{
"binary_version": "3.0.3-2ubuntu2.2",
"binary_name": "libcfg-dev"
},
{
"binary_version": "3.0.3-2ubuntu2.2",
"binary_name": "libcfg7"
},
{
"binary_version": "3.0.3-2ubuntu2.2",
"binary_name": "libcmap-dev"
},
{
"binary_version": "3.0.3-2ubuntu2.2",
"binary_name": "libcmap4"
},
{
"binary_version": "3.0.3-2ubuntu2.2",
"binary_name": "libcorosync-common-dev"
},
{
"binary_version": "3.0.3-2ubuntu2.2",
"binary_name": "libcorosync-common4"
},
{
"binary_version": "3.0.3-2ubuntu2.2",
"binary_name": "libcpg-dev"
},
{
"binary_version": "3.0.3-2ubuntu2.2",
"binary_name": "libcpg4"
},
{
"binary_version": "3.0.3-2ubuntu2.2",
"binary_name": "libquorum-dev"
},
{
"binary_version": "3.0.3-2ubuntu2.2",
"binary_name": "libquorum5"
},
{
"binary_version": "3.0.3-2ubuntu2.2",
"binary_name": "libsam-dev"
},
{
"binary_version": "3.0.3-2ubuntu2.2",
"binary_name": "libsam4"
},
{
"binary_version": "3.0.3-2ubuntu2.2",
"binary_name": "libvotequorum-dev"
},
{
"binary_version": "3.0.3-2ubuntu2.2",
"binary_name": "libvotequorum8"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:20.04:LTS",
"cves": [
{
"id": "CVE-2025-30472",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}
Ubuntu:22.04:LTS / corosync
Package
- Name
- corosync
- Purl
- pkg:deb/ubuntu/corosync@3.1.6-1ubuntu1.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.6-1ubuntu1.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.1.6-1ubuntu1.1",
"binary_name": "corosync"
},
{
"binary_version": "3.1.6-1ubuntu1.1",
"binary_name": "corosync-notifyd"
},
{
"binary_version": "3.1.6-1ubuntu1.1",
"binary_name": "corosync-vqsim"
},
{
"binary_version": "3.1.6-1ubuntu1.1",
"binary_name": "libcfg-dev"
},
{
"binary_version": "3.1.6-1ubuntu1.1",
"binary_name": "libcfg7"
},
{
"binary_version": "3.1.6-1ubuntu1.1",
"binary_name": "libcmap-dev"
},
{
"binary_version": "3.1.6-1ubuntu1.1",
"binary_name": "libcmap4"
},
{
"binary_version": "3.1.6-1ubuntu1.1",
"binary_name": "libcorosync-common-dev"
},
{
"binary_version": "3.1.6-1ubuntu1.1",
"binary_name": "libcorosync-common4"
},
{
"binary_version": "3.1.6-1ubuntu1.1",
"binary_name": "libcpg-dev"
},
{
"binary_version": "3.1.6-1ubuntu1.1",
"binary_name": "libcpg4"
},
{
"binary_version": "3.1.6-1ubuntu1.1",
"binary_name": "libquorum-dev"
},
{
"binary_version": "3.1.6-1ubuntu1.1",
"binary_name": "libquorum5"
},
{
"binary_version": "3.1.6-1ubuntu1.1",
"binary_name": "libsam-dev"
},
{
"binary_version": "3.1.6-1ubuntu1.1",
"binary_name": "libsam4"
},
{
"binary_version": "3.1.6-1ubuntu1.1",
"binary_name": "libvotequorum-dev"
},
{
"binary_version": "3.1.6-1ubuntu1.1",
"binary_name": "libvotequorum8"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:22.04:LTS",
"cves": [
{
"id": "CVE-2025-30472",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}
Ubuntu:24.04:LTS / corosync
Package
- Name
- corosync
- Purl
- pkg:deb/ubuntu/corosync@3.1.7-1ubuntu3.1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.7-1ubuntu3.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.1.7-1ubuntu3.1",
"binary_name": "corosync"
},
{
"binary_version": "3.1.7-1ubuntu3.1",
"binary_name": "corosync-notifyd"
},
{
"binary_version": "3.1.7-1ubuntu3.1",
"binary_name": "corosync-vqsim"
},
{
"binary_version": "3.1.7-1ubuntu3.1",
"binary_name": "libcfg-dev"
},
{
"binary_version": "3.1.7-1ubuntu3.1",
"binary_name": "libcfg7"
},
{
"binary_version": "3.1.7-1ubuntu3.1",
"binary_name": "libcmap-dev"
},
{
"binary_version": "3.1.7-1ubuntu3.1",
"binary_name": "libcmap4"
},
{
"binary_version": "3.1.7-1ubuntu3.1",
"binary_name": "libcorosync-common-dev"
},
{
"binary_version": "3.1.7-1ubuntu3.1",
"binary_name": "libcorosync-common4"
},
{
"binary_version": "3.1.7-1ubuntu3.1",
"binary_name": "libcpg-dev"
},
{
"binary_version": "3.1.7-1ubuntu3.1",
"binary_name": "libcpg4"
},
{
"binary_version": "3.1.7-1ubuntu3.1",
"binary_name": "libquorum-dev"
},
{
"binary_version": "3.1.7-1ubuntu3.1",
"binary_name": "libquorum5"
},
{
"binary_version": "3.1.7-1ubuntu3.1",
"binary_name": "libsam-dev"
},
{
"binary_version": "3.1.7-1ubuntu3.1",
"binary_name": "libsam4"
},
{
"binary_version": "3.1.7-1ubuntu3.1",
"binary_name": "libvotequorum-dev"
},
{
"binary_version": "3.1.7-1ubuntu3.1",
"binary_name": "libvotequorum8"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:24.04:LTS",
"cves": [
{
"id": "CVE-2025-30472",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}