.NET and Visual Studio Denial of Service Vulnerability
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HFedora Project Fedora
OSFedoraproject3738Microsoft Asp.net Core
APPMicrosoft2.1 – 2.1.40 (bez)Microsoft .net
APPMicrosoft6.0.0 – 6.0.21 (bez)7.0.0 – 7.0.10 (bez)Microsoft Visual Studio 2022
APPMicrosoft17.6.0 – 17.6.6 (bez)17.4.0 – 17.4.10 (bez)17.2.0 – 17.2.18 (bez)
CISA KEV — detailsi
- Vendori
- Microsoft ↗
- Producti
- .NET Core and Visual Studio
- Added to KEVi
- August 9, 2023
- Remediation deadline (US Federal)i
- August 30, 2023(overdue)
Required action (CISA)i
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CISA descriptioni
Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service (DoS).
🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
⏰CISA DEADLINE: 30 sierpnia 2023
Tags
DoS
Related vulnerabilities
CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
CVE-2024-5274CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML
CVE-2024-4947CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)
CVE-2024-4671CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox
CVE-2023-6345CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Integer overflow w Skia w Google Chrome — sandbox escape