cve 2023 46129

About this tag
CVE-2023-46129 is a vulnerability in the nkeys cryptographic library used by NATS, an open-source messaging system. Microsoft's advisory identifies Azure Linux as the only Microsoft product containing the vulnerable library so far. The flaw was disclosed in late October 2023, and a patch was released in version 0.4.6 of nkeys, which is included in NATS Server 2.10.4. Users of Azure Linux should apply the update to mitigate the issue. Microsoft will update the CVE entry if the library is found in additional products.
  1. CVE-2023-46129 nkeys xkeys Patch Guide for Azure Linux

    Microsoft’s advisory — which calls out the nkeys “xkeys” issue as a vulnerability in open-source components used in Azure Linux — is accurate as far as Microsoft’s public inventory goes: Azure Linux is the only Microsoft product Microsoft has identified as containing the vulnerable library so...