CVE-2026-10649
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-190
Desbordamiento o ajuste de enteros
Fecha de publicación:
16/06/2026
Última modificación:
16/07/2026
Descripción
*** Pendiente de traducción *** A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial of service (DoS) in the CIB remote listener. This can result in the affected service crashing.
Impacto
Puntuación base 3.x
8.60
Gravedad 3.x
ALTA
Referencias a soluciones, herramientas e información
- https://access.redhat.com/errata/RHSA-2026:39322
- https://access.redhat.com/errata/RHSA-2026:39323
- https://access.redhat.com/errata/RHSA-2026:40833
- https://access.redhat.com/security/cve/CVE-2026-10649
- https://bugzilla.redhat.com/show_bug.cgi?id=2462817
- https://github.com/clusterLabs/pacemaker/pull/4128
- http://www.openwall.com/lists/oss-security/2026/06/16/6
- https://access.redhat.com/errata/RHSA-2026:39322
- https://access.redhat.com/errata/RHSA-2026:39323
- https://access.redhat.com/security/cve/CVE-2026-10649
- https://bugzilla.redhat.com/show_bug.cgi?id=2462817
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10649.json



