Msrc Azl3 Golang 1.23.9-1 On Azure Linux 3.0 vulnerabilities

CVE-2025-0913 [MEDIUM] CWE-59 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versio

CVE-2025-22871 [CRITICAL] Request smuggling due to acceptance of invalid chunked data in net/http Request smuggling due to acceptance of invalid chunked data in net/http FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open s

CVE-2025-25199 [HIGH] CWE-401 BCryptGenerateSymmetricKey memory leak BCryptGenerateSymmetricKey memory leak NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2025-25199 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the o

CVE-2024-34158 [HIGH] CWE-674 Stack exhaustion in Parse in go/build/constraint Stack exhaustion in Parse in go/build/constraint FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2024-34156 [HIGH] Stack exhaustion in Decoder.Decode in encoding/gob Stack exhaustion in Decoder.Decode in encoding/gob FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2024-34155 [MEDIUM] Stack exhaustion in all Parse functions in go/parser Stack exhaustion in all Parse functions in go/parser FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2023-24531 [CRITICAL] Output of "go env" does not sanitize values in cmd/go Output of "go env" does not sanitize values in cmd/go FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2024-24789 [MEDIUM] Mishandling of corrupt central directory record in archive/zip Mishandling of corrupt central directory record in archive/zip FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2024-24788 [MEDIUM] CWE-835 Malformed DNS message can cause infinite loop in net Malformed DNS message can cause infinite loop in net FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2024-24787 [MEDIUM] Arbitrary code execution during build on Darwin in cmd/go Arbitrary code execution during build on Darwin in cmd/go FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-24784 [HIGH] Comments in display names are incorrectly handled in net/mail Comments in display names are incorrectly handled in net/mail FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2023-45289 [MEDIUM] Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure ve

CVE-2023-45287 [HIGH] CWE-203 Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date w

CVE-2023-49292 [MEDIUM] CWE-200 Possible private key restoration in go package github.com/ecies/go Possible private key restoration in go package github.com/ecies/go FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2023-45283 [HIGH] CWE-22 Insecure parsing of Windows paths with a \??\ prefix in path/filepath Insecure parsing of Windows paths with a \??\ prefix in path/filepath FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open so

CVE-2023-39318 [MEDIUM] CWE-79 Improper handling of HTML-like comments in script contexts in html/template Improper handling of HTML-like comments in script contexts in html/template FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions

CVE-2023-39319 [MEDIUM] CWE-79 Improper handling of special tags within script contexts in html/template Improper handling of special tags within script contexts in html/template FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of t

CVE-2023-39533 [HIGH] CWE-770 libp2p nodes vulnerable to attack using large RSA keys libp2p nodes vulnerable to attack using large RSA keys FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2023-29406 [MEDIUM] CWE-436 Insufficient sanitization of Host header in net/http Insufficient sanitization of Host header in net/http FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2023-24540 [CRITICAL] Improper handling of JavaScript whitespace in html/template Improper handling of JavaScript whitespace in html/template FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi