Msrc Azl3 Edk2 20230301Gitf80F052277C8-37 On Azure Linux 3.0 vulnerabilities

CVE-2023-45232 [HIGH] CWE-835 Infinite loop in EDK II Network Package Infinite loop in EDK II Network Package FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft

CVE-2023-45237 [MEDIUM] CWE-338 Use of a Weak PseudoRandom Number Generator in EDK II Network Package Use of a Weak PseudoRandom Number Generator in EDK II Network Package FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2023-45234 [HIGH] CWE-119 Buffer Overflow in EDK II Network Package Buffer Overflow in EDK II Network Package FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2022-36763 [HIGH] CWE-119 Heap Buffer Overflow in Tcg2MeasureGptTable Heap Buffer Overflow in Tcg2MeasureGptTable FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M

CVE-2023-45235 [HIGH] CWE-119 Buffer Overflow in EDK II Network Package Buffer Overflow in EDK II Network Package FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2023-45233 [HIGH] CWE-835 Infinite loop in EDK II Network Package Infinite loop in EDK II Network Package FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft

CVE-2022-36764 [HIGH] CWE-119 Heap Buffer Overflow in Tcg2MeasurePeImage Heap Buffer Overflow in Tcg2MeasurePeImage FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic

CVE-2022-36765 [HIGH] CWE-119 Integer Overflow in CreateHob Integer Overflow in CreateHob FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to tra

CVE-2023-45230 [HIGH] CWE-119 Buffer Overflow in EDK II Network Package Buffer Overflow in EDK II Network Package FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2023-45236 [MEDIUM] CWE-338 Predictable TCP ISNs in EDK II Network Package Predictable TCP ISNs in EDK II Network Package FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2023-45229 [MEDIUM] CWE-125 Out-of-Bounds Read in EDK II Network Package Out-of-Bounds Read in EDK II Network Package FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compose

CVE-2023-45231 [MEDIUM] CWE-125 Out-of-Bounds Read in EDK II Network Package Out-of-Bounds Read in EDK II Network Package FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compose

CVE-2023-3817 [MEDIUM] CWE-834 Excessive time spent checking DH q parameter value Excessive time spent checking DH q parameter value FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2023-2650 [MEDIUM] CWE-770 Possible DoS translating ASN.1 object identifiers Possible DoS translating ASN.1 object identifiers FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro i

CVE-2023-0465 [MEDIUM] CWE-295 Invalid certificate policies in leaf certificates are silently ignored Invalid certificate policies in leaf certificates are silently ignored FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the ope

CVE-2023-0215 [HIGH] CWE-416 Use-after-free following BIO_new_NDEF Use-after-free following BIO_new_NDEF FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is c

CVE-2023-0286 [HIGH] CWE-843 X.400 address type confusion in X.509 GeneralName X.400 address type confusion in X.509 GeneralName FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2022-4450 [HIGH] CWE-415 Double free after calling PEM_read_bio_ex Double free after calling PEM_read_bio_ex FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micros

CVE-2022-4304 [MEDIUM] CWE-203 Timing Oracle in RSA Decryption Timing Oracle in RSA Decryption FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed t

CVE-2022-2097 [MEDIUM] CWE-327 AES OCB fails to encrypt some bytes AES OCB fails to encrypt some bytes FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is com