MSRC CBL-Mariner 2.0 ARM vulnerabilities
1,677 known vulnerabilities affecting msrc/cbl_mariner_2.0_arm.
Total CVEs: 1,677
CISA KEV: 8 (actively exploited)
Public exploits: 16
Exploited in wild: 8
Severity breakdown: CRITICAL 92, HIGH 705, MEDIUM 842, LOW 38
Vulnerabilities
CVE-2023-41360 | CRITICAL | CVSS 9.1 | 2023-08-08
CVE-2023-41360 [CRITICAL] CWE-125 An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main bene
msrc
CVE-2023-41359 | CRITICAL | CVSS 9.1 | 2023-08-08
CVE-2023-41359 [CRITICAL] CWE-125 An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.
FAQ: Is Azure Linux the only Microsoft product that i
msrc
CVE-2022-26592 | HIGH | CVSS 8.8 | 2023-08-08
CVE-2022-26592 [HIGH] CWE-787 Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to
msrc
CVE-2023-38802 | HIGH | CVSS 7.5 | 2023-08-08
CVE-2023-38802 [HIGH] CWE-354 FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is
msrc
CVE-2023-41358 | HIGH | CVSS 7.5 | 2023-08-08
CVE-2023-41358 [HIGH] CWE-476 An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux dist
msrc
CVE-2022-34038 | HIGH | CVSS 7.5 | 2023-08-08
CVE-2022-34038 [HIGH] CWE-787 Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentiall
msrc
CVE-2022-48579 | HIGH | CVSS 7.5 | 2023-08-08
CVE-2022-48579 [HIGH] CWE-59 UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date
msrc
CVE-2020-22218 | HIGH | CVSS 7.5 | 2023-08-08
CVE-2020-22218 [HIGH] CWE-787 An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux
msrc
CVE-2023-4569 | MEDIUM | CVSS 5.5 | 2023-08-08
CVE-2023-4569 [MEDIUM] CWE-401 Kernel: information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most
msrc
CVE-2023-4133 | MEDIUM | CVSS 5.5 | 2023-08-08
CVE-2023-4133 [MEDIUM] CWE-416 Kernel: cxgb4: use-after-free in ch_flower_stats_cb()
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the
msrc
CVE-2023-40217 | MEDIUM | CVSS 5.3 | 2023-08-08
CVE-2023-40217 [MEDIUM] An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket bu
msrc
CVE-2022-48554 | MEDIUM | CVSS 5.5 | 2023-08-08
CVE-2022-48554 [MEDIUM] CWE-125 File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secur
msrc
CVE-2022-48063 | MEDIUM | CVSS 5.5 | 2023-08-08
CVE-2022-48063 [MEDIUM] CWE-400 GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the mai
msrc
CVE-2023-2906 | MEDIUM | CVSS 6.5 | 2023-08-08
CVE-2023-2906 [MEDIUM] CWE-369 Wireshark CP2179 divide by zero
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed t
msrc
CVE-2023-38710 | MEDIUM | CVSS 6.5 | 2023-08-08
CVE-2023-38710 [MEDIUM] An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifi
msrc
CVE-2022-47007 | MEDIUM | CVSS 5.5 | 2023-08-08
CVE-2022-47007 [MEDIUM] CWE-401 function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38 allows attackers to cause a denial of service due to memory leaks
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose
msrc
CVE-2023-38711 | MEDIUM | CVSS 6.5 | 2023-08-08
CVE-2023-38711 [MEDIUM] CWE-476 An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affe
msrc
CVE-2022-35205 | MEDIUM | CVSS 5.5 | 2023-08-08
CVE-2022-35205 [MEDIUM] CWE-617 Reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to ke
msrc
CVE-2022-47011 | MEDIUM | CVSS 5.5 | 2023-08-08
CVE-2022-47011 [MEDIUM] CWE-401 function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38 allows attackers to cause a denial of service due to memory leaks.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers
msrc
CVE-2022-47008 | MEDIUM | CVSS 5.5 | 2023-08-08
CVE-2022-47008 [MEDIUM] CWE-401 function make_tempdir and make_tempname in bucomm.c in Binutils 2.34 thru 2.38 allows attackers to cause a denial of service due to memory leaks.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to
msrc