Amazon Linux 2023

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-204 Related CVEs: CVE-2021-33641 CVE-2021-33642 Upstream summary: When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free). […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-198 Related CVEs: CVE-2022-4904 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 CVE-2024-25629 Upstream summary: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-182 Related CVEs: CVE-2023-31484 Upstream summary: HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-183 Related CVEs: CVE-2023-30861 CVE-2026-27205 Upstream summary: Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-191 Related CVEs: CVE-2022-39377 CVE-2023-33204 Upstream summary: sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-171 Related CVEs: CVE-2023-0361 CVE-2025-14831 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-6395 CVE-2024-12243 CVE-2024-28834  +4 more Upstream summary: A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-172 Related CVEs: CVE-2022-44370 CVE-2023-38665 CVE-2020-21528 Upstream summary: NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856 (CVE-2022-44370) Table of contents Symptom & Impact […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-177 Related CVEs: CVE-2021-27212 CVE-2023-2953 Upstream summary: In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion … NOTE: https://bugs.openldap.org/show_bug.cgi?id=9454 NOTE: trunk: https://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c2994af7c30b0 NOTE: REL_ENG 2.4.x: https://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c26c684af6c30 (CVE-2021-27212) Table of […]