Vulnerabilities > CVE-2013-0250 - Unspecified vulnerability in Corosync

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

corosync

NVD

Published: 2014-06-06

Updated: 2024-11-21

Summary

The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet.

Vulnerable Configurations

Part	Description	Count
Application	Corosync Corosync Corosync 2.0.0 Corosync Corosync 2.0.1 Corosync Corosync 2.1.0 Corosync Corosync 2.2.0 Corosync Corosync 2.0.3 Corosync Corosync 2.0.2 Corosync Corosync 2.1.1	7

References

http://seclists.org/oss-sec/2013/q1/212
http://seclists.org/oss-sec/2013/q1/212
http://seclists.org/oss-sec/2013/q1/213
http://seclists.org/oss-sec/2013/q1/213
http://seclists.org/oss-sec/2013/q1/214
http://seclists.org/oss-sec/2013/q1/214
http://secunia.com/advisories/52037
http://secunia.com/advisories/52037
https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595
https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595