{"id":"CVE-2018-1084","details":"corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.","modified":"2026-04-16T06:15:35.049244402Z","published":"2018-04-12T17:29:00.297Z","related":["SUSE-SU-2018:1121-1","SUSE-SU-2018:1130-1","openSUSE-SU-2024:10695-1"],"references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4174"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/103758"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1169"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202107-01"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4000-1/"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/corosync/corosync","events":[{"introduced":"ebb007a16c6a8d9e6f783ed82b324cb232c64be5"},{"fixed":"b25b029fe186bacf089ab8136da58390945eb35c"}],"database_specific":{"versions":[{"introduced":"2.3.0"},{"fixed":"2.4.4"}]}}],"versions":["v2.3.0","v2.3.1","v2.3.2","v2.3.3","v2.3.4","v2.3.5","v2.3.6","v2.4.0","v2.4.1","v2.4.2","v2.4.3"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]}],"vanir_signatures_modified":"2026-04-11T06:58:36Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1084.json","vanir_signatures":[{"deprecated":false,"target":{"file":"qdevices/msgio.c","function":"msgio_read"},"signature_version":"v1","digest":{"length":1060,"function_hash":"168909057183529809605519259490427602883"},"source":"https://github.com/corosync/corosync/commit/b25b029fe186bacf089ab8136da58390945eb35c","id":"CVE-2018-1084-2f88745b","signature_type":"Function"},{"deprecated":false,"target":{"file":"qdevices/msgio.c","function":"msgio_send"},"signature_version":"v1","digest":{"length":246,"function_hash":"284537285876399155177953511968022271313"},"source":"https://github.com/corosync/corosync/commit/b25b029fe186bacf089ab8136da58390945eb35c","id":"CVE-2018-1084-a5136807","signature_type":"Function"},{"deprecated":false,"target":{"file":"qdevices/msgio.c","function":"msgio_send_blocking"},"signature_version":"v1","digest":{"length":668,"function_hash":"234778371694560099707805119483214683622"},"source":"https://github.com/corosync/corosync/commit/b25b029fe186bacf089ab8136da58390945eb35c","id":"CVE-2018-1084-bd6bc490","signature_type":"Function"},{"deprecated":false,"target":{"file":"qdevices/msgio.c"},"signature_version":"v1","digest":{"line_hashes":["153129037848839284632306385603232952518","97087375145542111947122973264401651133","202360194298251204678799085995008068438","212278227865203050023966391457096052916","210233797977397835811048594129242157668","198235021176952061122881816305008466292","19725743314880908593834536149103613332","78358676129980818130312207855533379432","253467361333547277622606621298077629528","124742392185209659166133710360479733852","115571049646959871980902106791243085865","60878125709894515559181936701405642550","58501617043625233469895484121035435907","269199273140576244144661704500535819480","273432946617112483831469820789895844167","38173102092186573622036322647227211602","102822704274298422181624219837278959168","308755466900148013892772778840431152314","5982963916221975782480982541687221014","148578632799890699300276718888735722055","36225371800182019664320722746005326797","250188211001290152083109239307997556907","62221506183875954458742585320129680298","90291499983371681648393804416869530502","267211968934928312025215355231557527615","304356959915516084733036478322193862066","311516338822034247265019859680029506419","168064942849398215583026806385041486776","110636223664051986282678567163445319444","140117492790367846477749918007795051944","225930815013250370806735560599963244278","142826364725572362790054713474092972778","331617199575187499557791261051841969626","321087742716430918931178548283627147842","330260127587155505433766228678296984713","285911173712597865457604978227332101757","228389938878364589129899474566296700055","324241440731206002083263304542025504477","204066910912632282706234302079988046336","95475136156641370329995084497740325117","199807915204957579802637269353629211126","184285742906836643797550452908772860677","161057451477993701871538912221292661408","261670782740747123744120429300651703436","21596660726703493709981860719358138494","273371568899242105850112635921761873659","296558011433989923867686041524569658404","162518720926415248474086992216627814026","243500473691220518005278193176793737467","27623498435807173245454439944070709018","26033609051871270144995370761168818125","51194571991210621451780794821334550942","188509844265510919890264492871645939639","97588537082481450526951883470332459803","210204882523985647973065203940396752850","44818673802248412427415544436834915362","211978473190367579450977710730057516200","175630762951707581181980101348897719719","83166049021892974704993903938398873886","240378798044346741970902783589568455897","152618035852768666156401726654399996494","714989600962536466388901729247764443","57270691823150466924566681826572271251","216367521309296643666684152362057852360","272059255378182374195432642488231269686","14084332094749608467198150527873030261","9856192337955984881701830428324433234"],"threshold":0.9},"source":"https://github.com/corosync/corosync/commit/b25b029fe186bacf089ab8136da58390945eb35c","id":"CVE-2018-1084-dc190780","signature_type":"Line"},{"signature_type":"Function","deprecated":false,"signature_version":"v1","digest":{"length":515,"function_hash":"312414240408718228801754512951055053109"},"source":"https://github.com/corosync/corosync/commit/b25b029fe186bacf089ab8136da58390945eb35c","id":"CVE-2018-1084-ec658b5c","target":{"file":"qdevices/msgio.c","function":"msgio_write"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}