Msrc Azl3 Gcc 13.2.0-7 On Azure Linux 3.0 vulnerabilities

CVE-2026-4746 [CRITICAL] CWE-787 Heap Buffer Over-Write Vulenrabilty in timeplus-io/proton Heap Buffer Over-Write Vulenrabilty in timeplus-io/proton Mariner: Mariner GovTech CSG: GovTech CSG Customer Action Required: Yes

CVE-2026-27142 [MEDIUM] URLs in meta content attribute actions are not escaped in html/template URLs in meta content attribute actions are not escaped in html/template Mariner: Mariner Go: Go Customer Action Required: Yes

CVE-2025-61727 [MEDIUM] Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509 Mariner: Mariner Go: Go Customer Action Required: Yes

CVE-2025-47912 [MEDIUM] Insufficient validation of bracketed IPv6 hostnames in net/url Insufficient validation of bracketed IPv6 hostnames in net/url FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2025-58189 [MEDIUM] ALPN negotiation error contains attacker controlled information in crypto/tls ALPN negotiation error contains attacker controlled information in crypto/tls FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2025-58185 [MEDIUM] Parsing DER payload can cause memory exhaustion in encoding/asn1 Parsing DER payload can cause memory exhaustion in encoding/asn1 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2025-61723 [HIGH] Quadratic complexity when parsing some invalid inputs in encoding/pem Quadratic complexity when parsing some invalid inputs in encoding/pem FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li

CVE-2025-61725 [HIGH] Excessive CPU consumption in ParseAddress in net/mail Excessive CPU consumption in ParseAddress in net/mail FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2025-58187 [HIGH] Quadratic complexity when checking name constraints in crypto/x509 Quadratic complexity when checking name constraints in crypto/x509 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2025-22874 [HIGH] Usage of ExtKeyUsageAny disables policy validation in crypto/x509 Usage of ExtKeyUsageAny disables policy validation in crypto/x509 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries

CVE-2025-4673 [MEDIUM] Sensitive headers not cleared on cross-origin redirect in net/http Sensitive headers not cleared on cross-origin redirect in net/http FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librari

CVE-2025-22871 [CRITICAL] Request smuggling due to acceptance of invalid chunked data in net/http Request smuggling due to acceptance of invalid chunked data in net/http FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open s

CVE-2024-34158 [HIGH] CWE-674 Stack exhaustion in Parse in go/build/constraint Stack exhaustion in Parse in go/build/constraint FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2024-34156 [HIGH] Stack exhaustion in Decoder.Decode in encoding/gob Stack exhaustion in Decoder.Decode in encoding/gob FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2024-34155 [MEDIUM] Stack exhaustion in all Parse functions in go/parser Stack exhaustion in all Parse functions in go/parser FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2023-24531 [CRITICAL] Output of "go env" does not sanitize values in cmd/go Output of "go env" does not sanitize values in cmd/go FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2024-24791 [HIGH] Denial of service due to improper 100-continue handling in net/http Denial of service due to improper 100-continue handling in net/http FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librar

CVE-2024-24790 [CRITICAL] Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versio

CVE-2024-24789 [MEDIUM] Mishandling of corrupt central directory record in archive/zip Mishandling of corrupt central directory record in archive/zip FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2024-24787 [MEDIUM] Arbitrary code execution during build on Darwin in cmd/go Arbitrary code execution during build on Darwin in cmd/go FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the