Msrc Cbl2 Grpc 1.42.0-11 On Cbl Mariner 2.0 vulnerabilities

CVE-2026-4746 [CRITICAL] CWE-787 Heap Buffer Over-Write Vulenrabilty in timeplus-io/proton Heap Buffer Over-Write Vulenrabilty in timeplus-io/proton Mariner: Mariner GovTech CSG: GovTech CSG Customer Action Required: Yes

CVE-2026-33186 [CRITICAL] CWE-285 gRPC-Go has an authorization bypass via missing leading slash in :path gRPC-Go has an authorization bypass via missing leading slash in :path Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes

CVE-2025-4565 [HIGH] CWE-674 Unbounded recursion in Python Protobuf Unbounded recursion in Python Protobuf FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is

CVE-2024-7246 [MEDIUM] CWE-440 HPACK table poisoning in gRPC C++, Python & Ruby HPACK table poisoning in gRPC C++, Python & Ruby FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2023-31130 [MEDIUM] CWE-787 Buffer Underwrite in ares_inet_net_pton() Buffer Underwrite in ares_inet_net_pton() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic

CVE-2022-4904 [HIGH] CWE-1284 A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string which allows a possible arbitrary length stack overflow. This issue may cause a d A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity