Msrc Azl3 Kata-Containers 3.1.3-2 On Azure Linux 3.0 vulnerabilities

CVE-2024-32650 [HIGH] CWE-835 Rustls vulnerable to an infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input Rustls vulnerable to an infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitme

CVE-2023-41051 [LOW] CWE-125 Default functions in VolatileMemory trait lack bounds checks in vm-memory Default functions in VolatileMemory trait lack bounds checks in vm-memory FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2023-26964 [HIGH] CWE-770 An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result the memory and CPU usage are high which can lead to a Den An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result the memory and CPU usage are high which can lead to a Denial of Service (DoS). FAQ: Is Azure Linux the only Microsoft product

CVE-2023-22466 [MEDIUM] CWE-665 Tokio's reject_remote_clients configuration may get dropped when creating a Windows named pipe Tokio's reject_remote_clients configuration may get dropped when creating a Windows named pipe FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with th

CVE-2022-23523 [MEDIUM] CWE-125 rust-vmm linux-loader vulnerable to Out-of-bounds Read rust-vmm linux-loader vulnerable to Out-of-bounds Read FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2020-25576 [CRITICAL] CWE-704 An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints. An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to