Amazon Linux 2023

Amazon Linux 2023 — libsndfile — multiple vulnerabilities (4 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2025-902 Related CVEs: CVE-2024-50612 CVE-2022-33065 CVE-2022-33064 CVE-2021-4156 Upstream summary: libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read. (CVE-2024-50612) […]

Amazon Linux 2023 — jsoup — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2025-884 Related CVEs: CVE-2021-37714 CVE-2022-36033 Upstream summary: jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may […]

Amazon Linux 2023 — harfbuzz — multiple vulnerabilities (4 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2025-848 Related CVEs: CVE-2024-56732 CVE-2021-45931 CVE-2022-33068 CVE-2023-25193 Upstream summary: HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function. […]

Amazon Linux 2023 — libglvnd — vulnerability — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2025-861 Related CVEs: CVE-2023-45924 Upstream summary: libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no […]

Amazon Linux 2023 — zziplib — multiple vulnerabilities (3 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2025-859 Related CVEs: CVE-2024-39133 CVE-2024-39134 CVE-2020-18442 Upstream summary: Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory() function at /zzip/zip.c. (CVE-2024-39133) […]

Amazon Linux 2023 — haproxy — multiple vulnerabilities (3 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2025-791 Related CVEs: CVE-2024-53008 CVE-2023-45539 CVE-2023-40225 Upstream summary: Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access […]

Amazon Linux 2023 — perl-Module-ScanDeps — vulnerability — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2025-797 Related CVEs: CVE-2024-10224 Upstream summary: Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands […]

Amazon Linux 2023 — avahi — multiple vulnerabilities (8 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2024-771 Related CVEs: CVE-2024-52615 CVE-2024-52616 CVE-2023-38473 CVE-2023-38472 CVE-2023-1981 CVE-2023-38469 CVE-2023-38470 CVE-2023-38471 Upstream summary: avahi: Avahi Wide-Area DNS Uses Constant Source Port (CVE-2024-52615) avahi: Avahi Wide-Area DNS Predictable Transaction IDs (CVE-2024-52616) […]

Amazon Linux 2023 — python-idna — vulnerability — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2024-763 Related CVEs: CVE-2024-3651 Upstream summary: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode() (CVE-2024-3651) […]

Amazon Linux 2023 — poppler — multiple vulnerabilities (6 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2024-741 Related CVEs: CVE-2024-6239 CVE-2022-27337 CVE-2023-34872 CVE-2022-38349 CVE-2022-38171 CVE-2022-38784 Upstream summary: A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. […]
