Msrc Cbl Mariner 2.0 X64 vulnerabilities

CVE-2022-47010 [MEDIUM] CWE-401 function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38 allows attackers to cause a denial of service due to memory leaks. function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38 allows attackers to cause a denial of service due to memory leaks. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to us

CVE-2023-4273 [MEDIUM] CWE-787 Kernel: exfat: stack overflow in exfat_get_uniname_from_ext_entry Kernel: exfat: stack overflow in exfat_get_uniname_from_ext_entry FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source l

CVE-2023-38712 [MEDIUM] CWE-476 An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA such as a duplicated Delete/Notify message a NULL pointer deref

CVE-2023-3978 [MEDIUM] CWE-79 Improper rendering of text nodes in golang.org/x/net/html Improper rendering of text nodes in golang.org/x/net/html FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2023-37460 [HIGH] CWE-22 Plexus Archiver vulnerable to Arbitrary File Creation in AbstractUnArchiver Plexus Archiver vulnerable to Arbitrary File Creation in AbstractUnArchiver FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2023-3812 [HIGH] CWE-787 Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and mos

CVE-2023-3567 [HIGH] CWE-416 Kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race Kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions

CVE-2023-3611 [HIGH] CWE-787 Out-of-bounds write in Linux kernel's net/sched: sch_qfq component Out-of-bounds write in Linux kernel's net/sched: sch_qfq component FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source l

CVE-2023-3354 [HIGH] CWE-476 Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with t

CVE-2022-47085 [HIGH] An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs. An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially af

CVE-2022-28736 [MEDIUM] CWE-416 There's a use-after-free vulnerability in grub_cmd_chainloader() function There's a use-after-free vulnerability in grub_cmd_chainloader() function FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of

CVE-2023-3609 [HIGH] CWE-416 Use-after-free in Linux kernel's net/sched: cls_u32 component Use-after-free in Linux kernel's net/sched: cls_u32 component FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries w

CVE-2022-28733 [HIGH] CWE-191 Integer underflow in grub_net_recv_ip4_packets Integer underflow in grub_net_recv_ip4_packets FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2023-38403 [HIGH] CWE-190 iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to

CVE-2023-3776 [HIGH] CWE-416 Use-after-free in Linux kernel's net/sched: cls_fw component Use-after-free in Linux kernel's net/sched: cls_fw component FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wit

CVE-2023-3610 [HIGH] CWE-416 Use-after-free in Linux kernel's netfilter: nf_tables component Use-after-free in Linux kernel's netfilter: nf_tables component FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librari

CVE-2022-33065 [HIGH] CWE-190 Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile allows an attacker to cause Denial of Service or ot Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile allows an attacker to cause Denial of Service or other unspecified impacts. FAQ: Is Azure Linux the only Microsoft prod

CVE-2022-28734 [HIGH] CWE-787 Out-of-bounds write when handling split HTTP headers Out-of-bounds write when handling split HTTP headers FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis

CVE-2023-32248 [HIGH] CWE-476 Tree connection null pointer dereference denial-of-service vulnerability Tree connection null pointer dereference denial-of-service vulnerability FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2023-3724 [CRITICAL] CWE-20 TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most rec