{"id":"AZL-78270","summary":"CVE-2026-2903 affecting package re2c 2.0-1","details":"A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name: febeb977936f9519a25d9fbd10ff8256358cdb97. It is suggested to install a patch to address this issue.","modified":"2026-04-21T04:34:23.679235Z","published":"2026-02-22T01:16:00Z","upstream":["CVE-2026-2903"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2903"}],"affected":[{"package":{"name":"re2c","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/re2c"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"2.0-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78270.json"}}],"schema_version":"1.7.5"}