Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78273.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-78273
Upstream
Published
2026-02-22T01:16:00Z
Modified
2026-04-21T04:34:23.413316Z
Summary
CVE-2026-2903 affecting package re2c 3.1-4
Details

A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function checkandmergespecialrules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name: febeb977936f9519a25d9fbd10ff8256358cdb97. It is suggested to install a patch to address this issue.

References

Affected packages

Azure Linux:3 / re2c

Package

Name
re2c
Purl
pkg:rpm/azure-linux/re2c

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
3.1-4

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78273.json"