Msrc Azl3 Golang 1.23.7-1 On Azure Linux 3.0 vulnerabilities
16 known vulnerabilities affecting msrc/azl3_golang_1.23.7-1_on_azure_linux_3.0.
Total CVEs: 16
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 10, MEDIUM 4
Vulnerabilities
CVE-2024-24789 [MEDIUM] CVSS 5.3, 2024-06-11
Mishandling of corrupt central directory record in archive/zip
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with
msrc
CVE-2023-39533 [HIGH] CVSS 7.5, 2023-08-08
CWE-770: libp2p nodes vulnerable to attack using large RSA keys
msrc
CVE-2023-29406 [MEDIUM] CVSS 6.5, 2023-07-11
CWE-436: Insufficient sanitization of Host header in net/http
msrc
CVE-2023-24540 [CRITICAL] CVSS 9.8, 2023-05-09
Improper handling of JavaScript whitespace in html/template
msrc
CVE-2023-24539 [HIGH] CVSS 7.3, 2023-05-09
CWE-74: Improper sanitization of CSS values in html/template
msrc
CVE-2023-24538 [CRITICAL] CVSS 9.8, 2023-04-11
CWE-94: Backticks not treated as string delimiters in html/template
msrc
CVE-2023-24537 [HIGH] CVSS 7.5, 2023-04-11
CWE-190: Infinite loop in parsing in go/scanner
msrc
CVE-2023-24532 [MEDIUM] CVSS 5.3, 2023-03-14
CWE-682: Incorrect calculation on P256 curves in crypto/internal/nistec
msrc
CVE-2022-41724 [HIGH] CVSS 7.5, 2023-02-14
CWE-400: Panic on large handshake records in crypto/tls
msrc
CVE-2022-27664 [HIGH] CVSS 7.5, 2022-09-13
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1 attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
msrc
CVE-2022-30633 [HIGH] CVSS 7.5, 2022-08-09
CWE-674: Stack exhaustion when unmarshaling certain documents in encoding/xml
msrc
CVE-2022-1962 [MEDIUM] CVSS 5.5, 2022-08-09
CWE-674: Stack exhaustion due to deeply nested types in go/parser
msrc
CVE-2021-33195 [HIGH] CVSS 7.3, 2021-08-10
CWE-74: Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers and thus a return value may contain an unsafe injection (e.g. XSS) that does not conform to the RFC1035 format.
msrc
CVE-2021-33196 [HIGH] CVSS 7.5, 2021-08-10
CWE-20: In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5 a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
msrc
CVE-2019-17596 [HIGH] CVSS 7.5, 2019-10-08
CWE-436: Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios such as traffic from a client to a server that verifies client certificates.
msrc
CVE-2016-5386 [HIGH] CVSS 8.1, 2016-07-12
CWE-284: The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote att
msrc