Msrc Azure Linux 3.0 Arm vulnerabilities

CVE-2023-47108 [HIGH] CWE-770 DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to da

CVE-2023-38473 [MEDIUM] CWE-617 Reachable assertion in avahi_alternative_host_name Reachable assertion in avahi_alternative_host_name FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2023-6174 [MEDIUM] CWE-125 Out-of-bounds Read in Wireshark Out-of-bounds Read in Wireshark NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6174 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source lib

CVE-2023-5678 [MEDIUM] CWE-754 Excessive time spent in DH check / generation with large Q parameter value Excessive time spent in DH check / generation with large Q parameter value FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2023-42366 [MEDIUM] A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with

CVE-2023-49083 [MEDIUM] CWE-476 cryptography vulnerable to NULL-dereference when loading PKCS7 certificates cryptography vulnerable to NULL-dereference when loading PKCS7 certificates FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions

CVE-2023-38469 [MEDIUM] CWE-617 Reachable assertion in avahi_dns_packet_append_record Reachable assertion in avahi_dns_packet_append_record FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2023-42365 [MEDIUM] CWE-416 A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linu

CVE-2023-6277 [MEDIUM] CWE-400 Libtiff: out-of-memory in tiffopen via a craft file Libtiff: out-of-memory in tiffopen via a craft file FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dist

CVE-2023-42363 [MEDIUM] CWE-416 A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commit

CVE-2023-40661 [MEDIUM] CWE-119 Opensc: multiple memory issues with pkcs15-init (enrollment tool) Opensc: multiple memory issues with pkcs15-init (enrollment tool) FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2023-38472 [MEDIUM] CWE-617 Reachable assertion in avahi_rdata_parse Reachable assertion in avahi_rdata_parse FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro

CVE-2023-38470 [MEDIUM] CWE-617 Reachable assertion in avahi_escape_label Reachable assertion in avahi_escape_label FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic

CVE-2023-38471 [MEDIUM] CWE-617 Reachable assertion in dbus_set_host_name Reachable assertion in dbus_set_host_name FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic

CVE-2023-4535 [MEDIUM] CWE-125 Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most

CVE-2023-46853 [CRITICAL] CWE-193 In Memcached before 1.6.22 an off-by-one error exists when processing proxy requests in proxy mode if \n is used instead of \r\n. In Memcached before 1.6.22 an off-by-one error exists when processing proxy requests in proxy mode if \n is used instead of \r\n. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to us

CVE-2023-45853 [CRITICAL] CWE-190 MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename comment or extra field. NOTE: MiniZip is not a supported par MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename comment or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vuln

CVE-2023-4692 [HIGH] CWE-787 Grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution Grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2023-46129 [HIGH] CWE-321 xkeys Seal encryption used fixed key for all encryption xkeys Seal encryption used fixed key for all encryption FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2023-46813 [HIGH] An issue was discovered in the Linux kernel before 6.5.9 exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of t An issue was discovered in the Linux kernel before 6.5.9 exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to