5

CVE-2013-0250

Exploit
The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CorosyncCorosync Version2.0.0
CorosyncCorosync Version2.0.1
CorosyncCorosync Version2.0.2
CorosyncCorosync Version2.0.3
CorosyncCorosync Version2.1.0
CorosyncCorosync Version2.1.1
CorosyncCorosync Version2.2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.08% 0.86
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://seclists.org/oss-sec/2013/q1/212
http://seclists.org/oss-sec/2013/q1/213
http://seclists.org/oss-sec/2013/q1/214
http://secunia.com/advisories/52037
https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595
Patch
Exploit