Msrc Cbl2 Nghttp2 1.57.0-2 On Cbl Mariner 2.0 vulnerabilities
6 known vulnerabilities affecting msrc/cbl2_nghttp2_1.57.0-2_on_cbl_mariner_2.0.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM4LOW1
Vulnerabilities
Page 1 of 1
CVE-2026-27135HIGHCVSS 7.52026-03-10
CVE-2026-27135 [HIGH] CWE-617 nghttp2 Denial of service: Assertion failure due to the missing state validation
nghttp2 Denial of service: Assertion failure due to the missing state validation
Mariner: Mariner
GitHub_M: GitHub_M
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2026-1979MEDIUMCVSS 5.32026-02-10
CVE-2026-1979 [MEDIUM] CWE-416 mruby JMPNOT-to-JMPIF Optimization vm.c mrb_vm_exec use after free
mruby JMPNOT-to-JMPIF Optimization vm.c mrb_vm_exec use after free
Mariner: Mariner
VulDB: VulDB
Customer Action Required: Yes
msrc
CVE-2025-12875MEDIUMCVSS 5.32025-11-11
CVE-2025-12875 [MEDIUM] CWE-787 mruby array.c ary_fill_exec out-of-bounds write
mruby array.c ary_fill_exec out-of-bounds write
Mariner: Mariner
VulDB: VulDB
Customer Action Required: Yes
msrc
CVE-2025-7207LOWCVSS 3.32025-07-08
CVE-2025-7207 [MEDIUM] CWE-122 mruby nregs codegen.c scope_new heap-based overflow
mruby nregs codegen.c scope_new heap-based overflow
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dist
msrc
CVE-2025-23167MEDIUMCVSS 6.52025-05-13
CVE-2025-23167 [MEDIUM] CVE-2025-23167: FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure ve
msrc
CVE-2024-28182MEDIUMCVSS 5.32024-04-09
CVE-2024-28182 [MEDIUM] CWE-770 Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage
Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most
msrc