Msrc Azl3 Busybox 1.36.1-12 On Azure Linux 3.0 vulnerabilities

CVE-2023-42366 [MEDIUM] A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with

CVE-2023-42364 [MEDIUM] CWE-416 A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the

CVE-2023-42365 [MEDIUM] CWE-416 A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linu

CVE-2023-42363 [MEDIUM] CWE-416 A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commit

CVE-2023-39810 [HIGH] CWE-22 An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date wi

CVE-2022-28391 [HIGH] BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively the attacker could choose to ch BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively the attacker could choose to change the terminal's colors. FAQ: Is Azure Linux the only Microsoft product t

CVE-2021-42374 [MEDIUM] CWE-125 An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format tha An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that FAQ: Is Azure Linux the only Microsoft product that includes thi