{"id":"AZL-79509","summary":"CVE-2026-2219 affecting package dpkg 1.20.10-1","details":"It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).","modified":"2026-04-01T05:23:27.836398Z","published":"2026-03-07T09:16:07Z","upstream":["CVE-2026-2219"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2219"}],"affected":[{"package":{"name":"dpkg","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/dpkg"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"1.20.10-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79509.json"}}],"schema_version":"1.7.5"}