Msrc Azl3 Rust 1.90.0-4 On Azure Linux 3.0 vulnerabilities

CVE-2026-27135 [HIGH] CWE-617 nghttp2 Denial of service: Assertion failure due to the missing state validation nghttp2 Denial of service: Assertion failure due to the missing state validation Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2026-3805 [HIGH] use after free in SMB connection reuse use after free in SMB connection reuse Mariner: Mariner curl: curl Customer Action Required: Yes

CVE-2026-3784 [MEDIUM] wrong proxy connection reuse with credentials wrong proxy connection reuse with credentials Mariner: Mariner curl: curl Customer Action Required: Yes

CVE-2026-33055 [MEDIUM] CWE-843 tar-rs incorrectly ignores PAX size headers if header size is nonzero tar-rs incorrectly ignores PAX size headers if header size is nonzero Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes

CVE-2026-1965 [MEDIUM] bad reuse of HTTP Negotiate connection bad reuse of HTTP Negotiate connection Mariner: Mariner curl: curl Customer Action Required: Yes

CVE-2026-3783 [MEDIUM] token leak with redirect and netrc token leak with redirect and netrc Mariner: Mariner curl: curl Customer Action Required: Yes

CVE-2026-33056 [MEDIUM] CWE-61 tar-rs: unpack_in can chmod arbitrary directories by following symlinks tar-rs: unpack_in can chmod arbitrary directories by following symlinks Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes

CVE-2026-2673 [HIGH] CWE-757 OpenSSL TLS 1.3 server may choose unexpected key agreement group OpenSSL TLS 1.3 server may choose unexpected key agreement group Mariner: Mariner openssl: openssl Customer Action Required: Yes

CVE-2025-68114 [MEDIUM] CWE-124 Capstone doesn't check vsnprintf return in SStream_concat, allows stack buffer underflow and overflow Capstone doesn't check vsnprintf return in SStream_concat, allows stack buffer underflow and overflow Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-67873 [MEDIUM] CWE-122 Capstone doesn't check Skipdata length, leading to cs_insn.bytes heap buffer overflow Capstone doesn't check Skipdata length, leading to cs_insn.bytes heap buffer overflow Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-12818 [MEDIUM] CWE-190 PostgreSQL libpq undersizes allocations, via integer wraparound PostgreSQL libpq undersizes allocations, via integer wraparound Mariner: Mariner PostgreSQL: PostgreSQL Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-55159 [MEDIUM] CWE-119 slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-4207 [MEDIUM] CWE-126 PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitmen