Msrc Cbl2 Rust 1.72.0-10 On Cbl Mariner 2.0 vulnerabilities

CVE-2025-10148 [MEDIUM] predictable WebSocket mask predictable WebSocket mask FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in

CVE-2025-9086 [HIGH] Out of bounds read for cookie path Out of bounds read for cookie path FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to tr

CVE-2023-53158 [MEDIUM] CWE-78 The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnera The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability (involving a username field) that is more difficult to exploi

CVE-2025-53605 [MEDIUM] CWE-674 The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input. The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefor

CVE-2024-58266 [LOW] CWE-116 The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection. The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to

CVE-2025-7207 [MEDIUM] CWE-122 mruby nregs codegen.c scope_new heap-based overflow mruby nregs codegen.c scope_new heap-based overflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dist

CVE-2025-5025 [MEDIUM] CWE-295 No QUIC certificate pinning with wolfSSL No QUIC certificate pinning with wolfSSL FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micros

CVE-2025-3416 [LOW] CWE-416 Rust-openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch` Rust-openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch` FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions o

CVE-2025-0725 [HIGH] CWE-120 gzip integer overflow gzip integer overflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this

CVE-2025-24898 [MEDIUM] CWE-416 rust openssl ssl::select_next_proto use after free rust openssl ssl::select_next_proto use after free FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2024-12797 [MEDIUM] CWE-392 RFC7250 handshakes with unauthenticated servers don't abort as expected RFC7250 handshakes with unauthenticated servers don't abort as expected FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2025-0167 [LOW] netrc and default credential leak netrc and default credential leak FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to trans

CVE-2024-11053 [LOW] netrc and redirect credential leak netrc and redirect credential leak FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to tr

CVE-2024-9681 [MEDIUM] CWE-697 HSTS subdomain overwrites parent cache entry HSTS subdomain overwrites parent cache entry FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed

CVE-2024-8096 [MEDIUM] CWE-295 OCSP stapling bypass with GnuTLS OCSP stapling bypass with GnuTLS FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed

CVE-2024-43806 [MEDIUM] CWE-400 `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most s

CVE-2024-7264 [MEDIUM] CWE-125 ASN.1 date parser overread ASN.1 date parser overread FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transpar

CVE-2024-31852 [MEDIUM] LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack and thus there can sometimes be an exploitable error in the flow of control. This af LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor

CVE-2024-28182 [MEDIUM] CWE-770 Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most

CVE-2024-32884 [MEDIUM] CWE-77 gix-transport indirect code execution via malicious username gix-transport indirect code execution via malicious username FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries w