CVE-2026-42504

Public on 2026-06-02
Modified on 2026-06-05
Description
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.
Severity
Medium severity
Medium
See what this means
CVSS v3 Base Score
5.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core amazon-cloudwatch-agent Pending Fix
Amazon Linux 2023 amazon-cloudwatch-agent Pending Fix
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra amazon-ecr-credential-helper Pending Fix
Amazon Linux 2 - Docker Extra amazon-ecr-credential-helper Pending Fix
Amazon Linux 2 - Ecs Extra amazon-ecr-credential-helper Pending Fix
Amazon Linux 2023 amazon-ecr-credential-helper Pending Fix
Amazon Linux 2 - Core amazon-ssm-agent Not Affected
Amazon Linux 2023 amazon-ssm-agent Not Affected
Amazon Linux 2 - Core cni-plugins Pending Fix
Amazon Linux 2023 cni-plugins Pending Fix
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra containerd 2026-07-08 ALAS2NITRO-ENCLAVES-2026-114 Fixed
Amazon Linux 2 - Docker Extra containerd 2026-07-08 ALAS2DOCKER-2026-135 Fixed
Amazon Linux 2 - Ecs Extra containerd 2026-07-08 ALAS2ECS-2026-130 Fixed
Amazon Linux 2023 containerd 2026-07-07 ALAS2023-2026-1909 Fixed
Amazon Linux 2023 credentials-fetcher 2026-06-22 ALAS2023-2026-1885 Fixed
Amazon Linux 2 - Core cri-tools Pending Fix
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra docker 2026-07-08 ALAS2NITRO-ENCLAVES-2026-112 Fixed
Amazon Linux 2 - Docker Extra docker 2026-07-08 ALAS2DOCKER-2026-134 Fixed
Amazon Linux 2 - Ecs Extra docker 2026-07-08 ALAS2ECS-2026-131 Fixed
Amazon Linux 2023 docker 2026-07-07 ALAS2023-2026-1901 Fixed
Amazon Linux 2 - Ecs Extra ecs-init 2026-07-08 ALAS2ECS-2026-127 Fixed
Amazon Linux 2023 ecs-init 2026-07-07 ALAS2023-2026-1902 Fixed
Amazon Linux 2023 git-lfs Pending Fix
Amazon Linux 2 - Golang1.11 Extra golang No Fix Planned
Amazon Linux 2 - Golang1.19 Extra golang No Fix Planned
Amazon Linux 2 - Golang1.9 Extra golang No Fix Planned
Amazon Linux 2 - Core golang 2026-06-22 ALAS2-2026-3383 Fixed
Amazon Linux 2023 golang 2026-06-22 ALAS2023-2026-1878 Fixed
Amazon Linux 2023 golang-github-burntsushi-toml 2026-06-22 ALAS2023-2026-1877 Fixed
Amazon Linux 2023 golang-github-burntsushi-toml-test 2026-06-22 ALAS2023-2026-1876 Fixed
Amazon Linux 2023 golang-github-cpuguy83-md2man 2026-06-22 ALAS2023-2026-1875 Fixed
Amazon Linux 2 - Core golist 2026-06-22 ALAS2-2026-3382 Fixed
Amazon Linux 2023 golist 2026-06-22 ALAS2023-2026-1874 Fixed
Amazon Linux 2023 libcap Pending Fix
Amazon Linux 2 - Core nerdctl 2026-07-08 ALAS2-2026-3497 Fixed
Amazon Linux 2023 nerdctl 2026-07-07 ALAS2023-2026-1908 Fixed
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra oci-add-hooks Pending Fix
Amazon Linux 2 - Docker Extra oci-add-hooks Pending Fix
Amazon Linux 2 - Ecs Extra oci-add-hooks Pending Fix
Amazon Linux 2023 oci-add-hooks Pending Fix
Amazon Linux 2 - Core rclone Pending Fix
Amazon Linux 2023 rclone Pending Fix
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra runc Pending Fix
Amazon Linux 2 - Docker Extra runc Pending Fix
Amazon Linux 2 - Ecs Extra runc Pending Fix
Amazon Linux 2023 runc Pending Fix
Amazon Linux 2 - Docker Extra runfinch-finch 2026-06-22 ALAS2DOCKER-2026-132 Fixed
Amazon Linux 2023 runfinch-finch 2026-06-22 ALAS2023-2026-1886 Fixed
Amazon Linux 2 - Docker Extra soci-snapshotter 2026-06-22 ALAS2DOCKER-2026-131 Fixed
Amazon Linux 2023 soci-snapshotter 2026-06-22 ALAS2023-2026-1884 Fixed
Amazon Linux 2023 yq Pending Fix

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L