Amazon Linux 2023

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-275 Related CVEs: CVE-2023-37732 CVE-2021-33454 CVE-2021-33459 Upstream summary: Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-266 Related CVEs: CVE-2023-33546 Upstream summary: janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-268 Related CVEs: CVE-2023-29824 Upstream summary: A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. (CVE-2023-29824) Table of contents Symptom & Impact Environment & Reproduction […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-261 Related CVEs: CVE-2022-40898 Upstream summary: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-244 Related CVEs: CVE-2022-4899 Upstream summary: In zstd, supplying an empty string as an argument to either –output-dir-flat or –output-dir-mirror may cause a buffer overrun. (CVE-2022-4899) Table of contents Symptom […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-213 Related CVEs: CVE-2023-34969 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 Upstream summary: D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-221 Related CVEs: CVE-2023-29323 Upstream summary: ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable through 7.0.0-portable, can abort upon a connection […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-205 Related CVEs: CVE-2020-12762 Upstream summary: A flaw was found in json-c. In printbuf_memappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-187 Related CVEs: CVE-2023-0614 CVE-2022-32746 Upstream summary: Access controlled AD LDAP attributes can be discovered (CVE-2023-0614) Table of contents Symptom & Impact Environment & Reproduction Root Cause Analysis Quick Triage […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-203 Related CVEs: CVE-2021-3782 Upstream summary: An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count […]