Amazon Linux 2

Amazon Linux 2 — protobuf-c — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2142 Related CVEs: CVE-2022-48468 CVE-2022-33070 Upstream summary: protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. (CVE-2022-48468) […]

Amazon Linux 2 — python-rsa — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2150 Related CVEs: CVE-2020-25658 CVE-2020-13757 Upstream summary: A flaw was found in python-rsa, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption […]

Amazon Linux 2 — python3-pygments — vulnerability — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2117 Related CVEs: CVE-2021-27291 Upstream summary: In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have […]

Amazon Linux 2 — squashfs-tools — multiple vulnerabilities (4 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2152 Related CVEs: CVE-2015-4645 CVE-2015-4646 CVE-2021-40153 CVE-2021-41072 Upstream summary: Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service […]

Amazon Linux 2 — tcpdump — multiple vulnerabilities (3 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2119 Related CVEs: CVE-2018-14463 CVE-2019-15167 CVE-2018-19519 Upstream summary: The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463. […]

Amazon Linux 2 — zstd — vulnerability — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2140 Related CVEs: CVE-2022-4899 Upstream summary: In zstd, supplying an empty string as an argument to either --output-dir-flat or --output-dir-mirror may cause a buffer overrun. (CVE-2022-4899) […]

Amazon Linux 2 — wayland — vulnerability — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2103 Related CVEs: CVE-2021-3782 Upstream summary: An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count […]

Amazon Linux 2 — libfastjson — vulnerability — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2079 Related CVEs: CVE-2020-12762 Upstream summary: A flaw was found in json-c. In printbuf_memappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. […]

Amazon Linux 2 — pcre — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2082 Related CVEs: CVE-2015-8390 CVE-2015-8394 Upstream summary: PCRE before 8.38 mishandles the [: and substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory […]

Amazon Linux 2 — libplist — vulnerability — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2067 Related CVEs: CVE-2015-10082 Upstream summary: A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component […]
