AZL-47122

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-47122.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-47122

Upstream

CVE-2024-40897

Published

2024-07-26T06:15:02Z

Modified

2026-04-21T04:32:49.155732Z

Severity

6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2024-40897 affecting package orc for versions less than 0.4.39-2

Details

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-40897

Affected packages

Azure Linux:3 / orc

Package

Name: orc
Purl: pkg:rpm/azure-linux/orc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.39-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-47122.json"