AZL-61765

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61765.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-61765

Upstream

CVE-2025-29481

Published

2025-04-07T20:15:20Z

Modified

2026-04-21T04:31:49.662701Z

Summary

CVE-2025-29481 affecting package pcp 6.3.2-1

Details

Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpfobjectinitprog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root."

References

https://nvd.nist.gov/vuln/detail/CVE-2025-29481

Affected packages

Azure Linux:3 / pcp

Package

Name: pcp
Purl: pkg:rpm/azure-linux/pcp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

6.3.2-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61765.json"