Amazon Linux 2023

Amazon Linux 2023 — future — vulnerability — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-173 Related CVEs: CVE-2022-40899 Upstream summary: An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from […]

Amazon Linux 2023 — pkgconf — vulnerability — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-159 Related CVEs: CVE-2023-24056 Upstream summary: In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a […]

Amazon Linux 2023 — apr-util — vulnerability — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-066 Related CVEs: CVE-2022-25147 Upstream summary: 2023-05-23: The severity level was changed from Critical to Medium. Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) […]

Amazon Linux 2023 — autotrace — multiple vulnerabilities (4 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-004 Related CVEs: CVE-2017-9182 CVE-2019-19004 CVE-2019-19005 CVE-2022-32323 Upstream summary: A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a […]

Amazon Linux 2023 — bash — vulnerability — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-091 Related CVEs: CVE-2022-3715 Upstream summary: A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems. […]

Amazon Linux 2023 — dbus-broker — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-080 Related CVEs: CVE-2022-31212 CVE-2022-31213 Upstream summary: An issue was discovered in dbus-broker before 31. It depends on c-util/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based […]

Amazon Linux 2023 — e2fsprogs — vulnerability — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-044 Related CVEs: CVE-2022-1304 Upstream summary: An out-of-bounds read/write vulnerability was found in e2fsprogs. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted […]

Amazon Linux 2023 — flac — vulnerability — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-008 Related CVEs: CVE-2021-0561 Upstream summary: An out-of-bounds write vulnerability was found in libFLAC. The vulnerability occurs due to a missing bounds check. This flaw allows a local attacker without […]

Amazon Linux 2023 — fribidi — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-069 Related CVEs: CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 Upstream summary: A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file […]

Amazon Linux 2023 — jdom — vulnerability — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-014 Related CVEs: CVE-2021-33813 Upstream summary: An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. (CVE-2021-33813) Table […]
