A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.
Restrict network access to Corosync cluster communication ports. Configure firewall rules to limit incoming UDP traffic to the Corosync service (default port 5405) to only trusted hosts within the cluster. This will prevent unauthenticated remote attackers from sending crafted packets to exploit the vulnerability. A service restart may be required for firewall changes to take full effect.