{"id":"AZL-26813","summary":"CVE-2023-28320 affecting package rust for versions less than 1.72.0-2","details":"A denial of service vulnerability exists in curl \u003cv8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.","modified":"2026-04-01T05:08:32.596101Z","published":"2023-05-26T21:15:15Z","upstream":["CVE-2023-28320"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28320"}],"affected":[{"package":{"name":"rust","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/rust"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.72.0-2"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-26813.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}