Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-24464 (GCVE-0-2022-24464)
Vulnerability from cvelistv5 – Published: 2022-03-09 17:07 – Updated: 2025-07-08 15:31
VLAI?
EPSS
Title
.NET and Visual Studio Denial of Service Vulnerability
Summary
.NET and Visual Studio Denial of Service Vulnerability
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | .NET 6.0 |
Affected:
6.0.0 , < 6.0.3
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:55.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET and Visual Studio Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.3",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET 5.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.0.15",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET Core 3.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.1.23",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.7.26",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.9.18",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.11",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.7",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.15",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.23",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.26",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.9.18",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.11",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.7",
"versionStartIncluding": "17.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-03-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T15:31:40.520Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464"
}
],
"title": ".NET and Visual Studio Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-24464",
"datePublished": "2022-03-09T17:07:46.000Z",
"dateReserved": "2022-02-05T00:00:00.000Z",
"dateUpdated": "2025-07-08T15:31:40.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24464
Vulnerability from fstec - Published: 10.05.2022
VLAI Severity ?
Title
Уязвимость средства разработки программного обеспечения Microsoft Visual Studio и программной платформы Microsoft.NET Framework, связанная c некорректной зачисткой или освобождением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость средства разработки программного обеспечения Microsoft Visual Studio и программной платформы Microsoft.NET Framework связана c некорректной зачисткой или освобождением ресурсов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании
Severity ?
Vendor
Microsoft Corp, IBM Corp.
Software Name
.NET Core, Microsoft Visual Studio 2019, Microsoft .NET Framework 5.0, Microsoft Visual Studio 2022, Microsoft .NET Framework 6.0, IBM Robotic Process Automation
Software Version
3.1 (.NET Core), от 16.0 до 16.6 включительно (Microsoft Visual Studio 2019), от 16.0 до 16.8 включительно (Microsoft Visual Studio 2019), - (Microsoft .NET Framework 5.0), 17.0 (Microsoft Visual Studio 2022), - (Microsoft .NET Framework 6.0), от 16.0 до 16.10 включительно (Microsoft Visual Studio 2019), до 21.0.2.3 (IBM Robotic Process Automation)
Possible Mitigations
Использование рекомендаций:
Для программных продуктов Microsoft Corp.:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464
Для программных продуктов IBM Corp.:
http://www.ibm.com/support/pages/node/6614449
Reference
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464
http://www.ibm.com/support/pages/node/6614449
CWE
CWE-400
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO708, TO712, TO714, TO716",
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO708 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2019 16.11.30, TO712 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2019 16.7.27, TO714 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2019 16.9.26, TO716 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2019 16.11.21",
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp, IBM Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "3.1 (.NET Core), \u043e\u0442 16.0 \u0434\u043e 16.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Microsoft Visual Studio 2019), \u043e\u0442 16.0 \u0434\u043e 16.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Microsoft Visual Studio 2019), - (Microsoft .NET Framework 5.0), 17.0 (Microsoft Visual Studio 2022), - (Microsoft .NET Framework 6.0), \u043e\u0442 16.0 \u0434\u043e 16.10 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Microsoft Visual Studio 2019), \u0434\u043e 21.0.2.3 (IBM Robotic Process Automation)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Microsoft Corp.:\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 IBM Corp.:\nhttp://www.ibm.com/support/pages/node/6614449",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.05.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "31.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "05.09.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05515",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-24464",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": ".NET Core, Microsoft Visual Studio 2019, Microsoft .NET Framework 5.0, Microsoft Visual Studio 2022, Microsoft .NET Framework 6.0, IBM Robotic Process Automation",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Microsoft Visual Studio \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Microsoft.NET Framework, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f c \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0437\u0430\u0447\u0438\u0441\u0442\u043a\u043e\u0439 \u0438\u043b\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0440\u0430\u0441\u0445\u043e\u0434 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (\u00ab\u0418\u0441\u0442\u043e\u0449\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u00bb) (CWE-400)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Microsoft Visual Studio \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Microsoft.NET Framework \u0441\u0432\u044f\u0437\u0430\u043d\u0430 c \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0437\u0430\u0447\u0438\u0441\u0442\u043a\u043e\u0439 \u0438\u043b\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24464\nhttp://www.ibm.com/support/pages/node/6614449",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-400",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
cve-2022-24464
Vulnerability from osv_almalinux
Published
2022-03-10 14:43
Modified
2022-03-13 13:19
Summary
Important: .NET 6.0 security and bugfix update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 6.0.103 and .NET Runtime 6.0.3.
Security Fix(es):
-
dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
-
dotnet: double parser stack buffer overrun (CVE-2022-24512)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-6.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.3-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-targeting-pack-6.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.3-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.103-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-apphost-pack-6.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.3-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-host"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.3-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-hostfxr-6.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.3-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-6.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.3-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-6.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.103-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-targeting-pack-6.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.3-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-templates-6.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.103-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "netstandard-targeting-pack-2.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.103-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 6.0.103 and .NET Runtime 6.0.3.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:0826",
"modified": "2022-03-13T13:19:00Z",
"published": "2022-03-10T14:43:46Z",
"references": [
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-24464"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-24512"
}
],
"related": [
"CVE-2022-24464",
"CVE-2022-24512"
],
"summary": "Important: .NET 6.0 security and bugfix update"
}
cve-2022-24464
Vulnerability from osv_almalinux
Published
2022-03-10 14:44
Modified
2022-03-11 16:01
Summary
Important: .NET Core 3.1 security and bugfix update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.
Security Fix(es):
-
dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
-
dotnet: double parser stack buffer overrun (CVE-2022-24512)
-
brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-3.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.23-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-targeting-pack-3.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.23-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-apphost-pack-3.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.23-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-hostfxr-3.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.23-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-3.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.23-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-3.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.417-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-3.1-source-built-artifacts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.417-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-targeting-pack-3.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.23-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-templates-3.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.417-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:0827",
"modified": "2022-03-11T16:01:22Z",
"published": "2022-03-10T14:44:29Z",
"references": [
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-8927"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-24464"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-24512"
}
],
"related": [
"CVE-2022-24464",
"CVE-2022-24512",
"CVE-2020-8927"
],
"summary": "Important: .NET Core 3.1 security and bugfix update"
}
cve-2022-24464
Vulnerability from osv_almalinux
Published
2022-03-10 14:46
Modified
2022-03-11 16:01
Summary
Important: .NET 5.0 security and bugfix update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.
Security Fix(es):
-
dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
-
dotnet: double parser stack buffer overrun (CVE-2022-24512)
-
brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-5.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.15-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-targeting-pack-5.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.15-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-apphost-pack-5.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.15-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-hostfxr-5.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.15-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-5.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.15-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-5.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.212-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-5.0-source-built-artifacts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.212-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-targeting-pack-5.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.15-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-templates-5.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.212-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:0830",
"modified": "2022-03-11T16:01:23Z",
"published": "2022-03-10T14:46:56Z",
"references": [
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-8927"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-24464"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-24512"
}
],
"related": [
"CVE-2022-24464",
"CVE-2022-24512",
"CVE-2020-8927"
],
"summary": "Important: .NET 5.0 security and bugfix update"
}
CERTFR-2022-AVI-226
Vulnerability from certfr_avis - Published: 2022-03-09 - Updated: 2022-03-09
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer une exécution de code à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": ".NET Core 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-24464",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24464"
},
{
"name": "CVE-2020-8927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8927"
},
{
"name": "CVE-2022-24512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24512"
}
],
"initial_release_date": "2022-03-09T00:00:00",
"last_revision_date": "2022-03-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2020-8927 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-8927"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24512 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24464 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464"
}
],
"reference": "CERTFR-2022-AVI-226",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2022-AVI-227
Vulnerability from certfr_avis - Published: 2022-03-09 - Updated: 2022-03-09
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code à distance, un déni de service, une usurpation d'identité, un contournement de la fonctionnalité de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2013 Cumulative Update 23 | ||
| Microsoft | N/A | Skype Extension pour Chrome | ||
| Microsoft | Azure | Azure Site Recovery VMWare to Azure | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.0 | ||
| Microsoft | N/A | HEIF Image Extension | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 21 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 11 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 22 | ||
| Microsoft | N/A | HEVC Video Extensions | ||
| Microsoft | N/A | Raw Image Extension | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft | N/A | VP9 Video Extensions | ||
| Microsoft | N/A | Visual Studio Code | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 10 | ||
| Microsoft | N/A | Microsoft Defender pour Endpoint pour Android | ||
| Microsoft | N/A | HEVC Video Extension | ||
| Microsoft | N/A | Intune Company Portal pour iOS | ||
| Microsoft | N/A | Paint 3D | ||
| Microsoft | N/A | Microsoft Defender pour IoT | ||
| Microsoft | N/A | Microsoft Defender pour Endpoint pour Linux | ||
| Microsoft | N/A | Microsoft Defender pour Endpoint pour Mac | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2013 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype Extension pour Chrome",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Site Recovery VMWare to Azure",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "HEIF Image Extension",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 21",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 22",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "HEVC Video Extensions",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Raw Image Extension",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "VP9 Video Extensions",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio Code",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour Endpoint pour Android",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "HEVC Video Extension",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Intune Company Portal pour iOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Paint 3D",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour IoT",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour Endpoint pour Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour Endpoint pour Mac",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-24515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24515"
},
{
"name": "CVE-2022-24526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24526"
},
{
"name": "CVE-2022-24520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24520"
},
{
"name": "CVE-2022-24469",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24469"
},
{
"name": "CVE-2022-23266",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23266"
},
{
"name": "CVE-2022-24509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24509"
},
{
"name": "CVE-2022-24519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24519"
},
{
"name": "CVE-2022-24456",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24456"
},
{
"name": "CVE-2022-24452",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24452"
},
{
"name": "CVE-2022-24453",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24453"
},
{
"name": "CVE-2022-24470",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24470"
},
{
"name": "CVE-2022-24462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24462"
},
{
"name": "CVE-2022-24501",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24501"
},
{
"name": "CVE-2022-23277",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23277"
},
{
"name": "CVE-2022-24468",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24468"
},
{
"name": "CVE-2022-23282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23282"
},
{
"name": "CVE-2022-24471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24471"
},
{
"name": "CVE-2022-23300",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23300"
},
{
"name": "CVE-2022-23278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23278"
},
{
"name": "CVE-2022-23265",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23265"
},
{
"name": "CVE-2022-24464",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24464"
},
{
"name": "CVE-2022-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22007"
},
{
"name": "CVE-2022-24517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24517"
},
{
"name": "CVE-2022-24510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24510"
},
{
"name": "CVE-2022-23295",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23295"
},
{
"name": "CVE-2020-8927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8927"
},
{
"name": "CVE-2022-24451",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24451"
},
{
"name": "CVE-2022-24461",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24461"
},
{
"name": "CVE-2022-24506",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24506"
},
{
"name": "CVE-2022-24512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24512"
},
{
"name": "CVE-2022-24511",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24511"
},
{
"name": "CVE-2022-24518",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24518"
},
{
"name": "CVE-2022-24457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24457"
},
{
"name": "CVE-2022-24522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24522"
},
{
"name": "CVE-2022-23301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23301"
},
{
"name": "CVE-2022-24463",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24463"
},
{
"name": "CVE-2022-22006",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22006"
},
{
"name": "CVE-2022-24465",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24465"
},
{
"name": "CVE-2022-24467",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24467"
}
],
"initial_release_date": "2022-03-09T00:00:00",
"last_revision_date": "2022-03-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24509 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24509"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24471 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24471"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24518 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24518"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23282 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23282"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-22006 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22006"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24467 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24467"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24453 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24453"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23301 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23301"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2020-8927 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-8927"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24515 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24515"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24462 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24462"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24469 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24469"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24520 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24520"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24456 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24456"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23277 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24468 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24468"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24512 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24526 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24526"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24470 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24470"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24517 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24517"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24501 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24501"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23295 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23295"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-22007 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22007"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24461 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24461"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24465 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24465"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24522 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24522"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24519 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24519"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24463 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24463"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23278 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23278"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23265 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23265"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24457 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24457"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23266 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23266"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24511 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24511"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24452 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24452"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23300 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23300"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24451 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24451"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24506 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24506"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24510 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24510"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24464 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464"
}
],
"reference": "CERTFR-2022-AVI-227",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code \u00e0 distance, un d\u00e9ni de\nservice, une usurpation d\u0027identit\u00e9, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
FKIE_CVE-2022-24464
Vulnerability from fkie_nvd - Published: 2022-03-09 17:15 - Updated: 2024-11-21 06:50
Severity ?
Summary
.NET and Visual Studio Denial of Service Vulnerability
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net | * | |
| microsoft | .net | * | |
| microsoft | .net_core | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D986C83E-F055-4861-B3FC-D1AE2662A826",
"versionEndIncluding": "5.0.14",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C933FD8-CBE5-43C7-873A-CC2C47E2BF3A",
"versionEndIncluding": "6.0.2",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB57B616-F5BD-47B7-BBD0-AF58976CEE10",
"versionEndIncluding": "3.1.22",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6222A0C-EC9B-4AB2-A89F-5D62B381A212",
"versionEndIncluding": "16.6.4",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "367AC9B2-D639-40F6-93FB-822F73E65C30",
"versionEndExcluding": "16.7.26",
"versionStartIncluding": "16.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC9599DF-664B-4630-9FCD-7FCD846728A1",
"versionEndIncluding": "16.8.7",
"versionStartIncluding": "16.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4338A4F9-0FE2-40F4-B184-86B9F5EF1EED",
"versionEndExcluding": "16.9.18",
"versionStartIncluding": "16.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6E2777-4D9B-4710-9575-250B04E1AE0C",
"versionEndIncluding": "16.10.4",
"versionStartIncluding": "16.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1265006-B9CB-4E89-B6E8-F9EC1D6C7405",
"versionEndExcluding": "16.11.11",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C72810F-D156-49CE-A325-7E6A63C9E4A3",
"versionEndExcluding": "17.0.7",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": ".NET and Visual Studio Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Una vulnerabilidad de Denegaci\u00f3n de Servicio en .NET y Visual Studio"
}
],
"id": "CVE-2022-24464",
"lastModified": "2024-11-21T06:50:28.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2022-03-09T17:15:14.277",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
bit-dotnet-2022-24464
Vulnerability from bitnami_vulndb
Published
2024-03-06 10:58
Modified
2025-05-20 10:02
Summary
.NET and Visual Studio Denial of Service Vulnerability
Details
.NET and Visual Studio Denial of Service Vulnerability
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "dotnet",
"purl": "pkg:bitnami/dotnet"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
},
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2022-24464"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": ".NET and Visual Studio Denial of Service Vulnerability",
"id": "BIT-dotnet-2022-24464",
"modified": "2025-05-20T10:02:07.006Z",
"published": "2024-03-06T10:58:33.275Z",
"references": [
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24464"
}
],
"schema_version": "1.5.0",
"summary": ".NET and Visual Studio Denial of Service Vulnerability"
}
GSD-2022-24464
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
.NET and Visual Studio Denial of Service Vulnerability
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-24464",
"description": ".NET and Visual Studio Denial of Service Vulnerability.",
"id": "GSD-2022-24464",
"references": [
"https://access.redhat.com/errata/RHSA-2022:0832",
"https://access.redhat.com/errata/RHSA-2022:0830",
"https://access.redhat.com/errata/RHSA-2022:0829",
"https://access.redhat.com/errata/RHSA-2022:0828",
"https://access.redhat.com/errata/RHSA-2022:0827",
"https://access.redhat.com/errata/RHSA-2022:0826",
"https://linux.oracle.com/cve/CVE-2022-24464.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-24464"
],
"details": ".NET and Visual Studio Denial of Service Vulnerability",
"id": "GSD-2022-24464",
"modified": "2023-12-13T01:19:43.139561Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-24464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": ".NET 6.0",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.0.0",
"version_value": "6.0.3"
}
]
}
},
{
"product_name": ".NET 5.0",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.0.0",
"version_value": "5.0.15"
}
]
}
},
{
"product_name": ".NET Core 3.1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.1",
"version_value": "3.1.23"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "16.0.0",
"version_value": "16.7.26"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "15.0.0",
"version_value": "16.9.18"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "16.11.0",
"version_value": "16.11.11"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2022 version 17.0",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "17.0.0",
"version_value": "17.0.7"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ".NET and Visual Studio Denial of Service Vulnerability"
}
]
},
"impact": {
"cvss": [
{
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464",
"refsource": "MISC",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-10-21",
"description": ".NET and Visual Studio Denial of Service Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24464",
"identifiers": [
"GHSA-cw98-9j8w-wxv9",
"CVE-2022-24464"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-arm",
"pubdate": "2022-10-21",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": ".NET Denial of Service Vulnerability",
"urls": [
"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24464",
"https://github.com/dotnet/announcements/issues/212",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464",
"https://github.com/advisories/GHSA-cw98-9j8w-wxv9"
],
"uuid": "772479dc-e713-47ad-9c5f-d0e586b47cda"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-10-21",
"description": ".NET and Visual Studio Denial of Service Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24464",
"identifiers": [
"GHSA-cw98-9j8w-wxv9",
"CVE-2022-24464"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-arm64",
"pubdate": "2022-10-21",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": ".NET Denial of Service Vulnerability",
"urls": [
"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24464",
"https://github.com/dotnet/announcements/issues/212",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464",
"https://github.com/advisories/GHSA-cw98-9j8w-wxv9"
],
"uuid": "f8a94969-ce4e-438c-9dcc-7b0f2b49f96b"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-10-21",
"description": ".NET and Visual Studio Denial of Service Vulnerability.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24464",
"identifiers": [
"GHSA-cw98-9j8w-wxv9",
"CVE-2022-24464"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm",
"pubdate": "2022-10-21",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": ".NET Denial of Service Vulnerability",
"urls": [
"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24464",
"https://github.com/dotnet/announcements/issues/212",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464",
"https://github.com/advisories/GHSA-cw98-9j8w-wxv9"
],
"uuid": "1ed395f1-d18b-46a8-bc70-7a18973d8c36"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-10-21",
"description": ".NET and Visual Studio Denial of Service Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24464",
"identifiers": [
"GHSA-cw98-9j8w-wxv9",
"CVE-2022-24464"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",
"pubdate": "2022-10-21",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": ".NET Denial of Service Vulnerability",
"urls": [
"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24464",
"https://github.com/dotnet/announcements/issues/212",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464",
"https://github.com/advisories/GHSA-cw98-9j8w-wxv9"
],
"uuid": "a4007673-03e2-4de5-a064-14ec5631eaec"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-10-21",
"description": ".NET and Visual Studio Denial of Service Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24464",
"identifiers": [
"GHSA-cw98-9j8w-wxv9",
"CVE-2022-24464"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-x64",
"pubdate": "2022-10-21",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": ".NET Denial of Service Vulnerability",
"urls": [
"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24464",
"https://github.com/dotnet/announcements/issues/212",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464",
"https://github.com/advisories/GHSA-cw98-9j8w-wxv9"
],
"uuid": "caa2e258-c62f-45d9-a50d-e513c708dcb2"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-10-21",
"description": ".NET and Visual Studio Denial of Service Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24464",
"identifiers": [
"GHSA-cw98-9j8w-wxv9",
"CVE-2022-24464"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-x64",
"pubdate": "2022-10-21",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": ".NET Denial of Service Vulnerability",
"urls": [
"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24464",
"https://github.com/dotnet/announcements/issues/212",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464",
"https://github.com/advisories/GHSA-cw98-9j8w-wxv9"
],
"uuid": "e425ac78-59cb-4906-9329-e7801d445604"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-10-21",
"description": ".NET and Visual Studio Denial of Service Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24464",
"identifiers": [
"GHSA-cw98-9j8w-wxv9",
"CVE-2022-24464"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.osx-arm64",
"pubdate": "2022-10-21",
"solution": "Upgrade to version 6.0.3 or above.",
"title": ".NET Denial of Service Vulnerability",
"urls": [
"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24464",
"https://github.com/dotnet/announcements/issues/212",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464",
"https://github.com/advisories/GHSA-cw98-9j8w-wxv9"
],
"uuid": "cb1a20d1-bdc6-4e3c-9dfd-39f2bac507fe"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-10-21",
"description": ".NET and Visual Studio Denial of Service Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24464",
"identifiers": [
"GHSA-cw98-9j8w-wxv9",
"CVE-2022-24464"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.osx-x64",
"pubdate": "2022-10-21",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": ".NET Denial of Service Vulnerability",
"urls": [
"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24464",
"https://github.com/dotnet/announcements/issues/212",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464",
"https://github.com/advisories/GHSA-cw98-9j8w-wxv9"
],
"uuid": "655192dd-0c54-4896-a869-202a985199a3"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-10-21",
"description": ".NET and Visual Studio Denial of Service Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24464",
"identifiers": [
"GHSA-cw98-9j8w-wxv9",
"CVE-2022-24464"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.win-arm",
"pubdate": "2022-10-21",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": ".NET Denial of Service Vulnerability",
"urls": [
"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24464",
"https://github.com/dotnet/announcements/issues/212",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464",
"https://github.com/advisories/GHSA-cw98-9j8w-wxv9"
],
"uuid": "7e937712-0bd6-481b-b60f-1c34db12f913"
},
{
"affected_range": "[3.1.5,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.1.5 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-10-21",
"description": ".NET and Visual Studio Denial of Service Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24464",
"identifiers": [
"GHSA-cw98-9j8w-wxv9",
"CVE-2022-24464"
],
"not_impacted": "All versions before 3.1.5, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.win-arm64",
"pubdate": "2022-10-21",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": ".NET Denial of Service Vulnerability",
"urls": [
"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24464",
"https://github.com/dotnet/announcements/issues/212",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464",
"https://github.com/advisories/GHSA-cw98-9j8w-wxv9"
],
"uuid": "fd0970f3-4e58-4111-9e96-16d64858cd0b"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-10-21",
"description": ".NET and Visual Studio Denial of Service Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24464",
"identifiers": [
"GHSA-cw98-9j8w-wxv9",
"CVE-2022-24464"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.win-x64",
"pubdate": "2022-10-21",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": ".NET Denial of Service Vulnerability",
"urls": [
"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24464",
"https://github.com/dotnet/announcements/issues/212",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464",
"https://github.com/advisories/GHSA-cw98-9j8w-wxv9"
],
"uuid": "bb9c5e78-0838-4295-a1e2-5bdae3368be8"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-10-21",
"description": ".NET and Visual Studio Denial of Service Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24464",
"identifiers": [
"GHSA-cw98-9j8w-wxv9",
"CVE-2022-24464"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.win-x86",
"pubdate": "2022-10-21",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": ".NET Denial of Service Vulnerability",
"urls": [
"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24464",
"https://github.com/dotnet/announcements/issues/212",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464",
"https://github.com/advisories/GHSA-cw98-9j8w-wxv9"
],
"uuid": "3053cf3f-5b7b-4f21-a5f4-3c414d0fef13"
},
{
"affected_range": "[5.0,5.0.14],[6.0.0,6.0.2]",
"affected_versions": "All versions starting from 5.0 up to 5.0.14, all versions starting from 6.0.0 up to 6.0.2",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-05-12",
"description": ".NET and Visual Studio Denial of Service Vulnerability.",
"fixed_versions": [],
"identifier": "CVE-2022-24464",
"identifiers": [
"CVE-2022-24464"
],
"not_impacted": "",
"package_slug": "nuget/System.Text.Encodings.Web",
"pubdate": "2022-03-09",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Uncontrolled Resource Consumption",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-24464",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464"
],
"uuid": "581e3ceb-30f0-4898-bd12-05b5f2c6ff98"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D986C83E-F055-4861-B3FC-D1AE2662A826",
"versionEndIncluding": "5.0.14",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C933FD8-CBE5-43C7-873A-CC2C47E2BF3A",
"versionEndIncluding": "6.0.2",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB57B616-F5BD-47B7-BBD0-AF58976CEE10",
"versionEndIncluding": "3.1.22",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6222A0C-EC9B-4AB2-A89F-5D62B381A212",
"versionEndIncluding": "16.6.4",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "367AC9B2-D639-40F6-93FB-822F73E65C30",
"versionEndExcluding": "16.7.26",
"versionStartIncluding": "16.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC9599DF-664B-4630-9FCD-7FCD846728A1",
"versionEndIncluding": "16.8.7",
"versionStartIncluding": "16.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4338A4F9-0FE2-40F4-B184-86B9F5EF1EED",
"versionEndExcluding": "16.9.18",
"versionStartIncluding": "16.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6E2777-4D9B-4710-9575-250B04E1AE0C",
"versionEndIncluding": "16.10.4",
"versionStartIncluding": "16.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1265006-B9CB-4E89-B6E8-F9EC1D6C7405",
"versionEndExcluding": "16.11.11",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C72810F-D156-49CE-A325-7E6A63C9E4A3",
"versionEndExcluding": "17.0.7",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": ".NET and Visual Studio Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Una vulnerabilidad de Denegaci\u00f3n de Servicio en .NET y Visual Studio"
}
],
"id": "CVE-2022-24464",
"lastModified": "2023-12-13T16:15:17.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2022-03-09T17:15:14.277",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
GHSA-CW98-9J8W-WXV9
Vulnerability from github – Published: 2022-10-21 20:32 – Updated: 2022-10-21 20:32
VLAI?
Summary
.NET Denial of Service Vulnerability
Details
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET CORE 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
Microsoft is aware of a Denial of Service vulnerability, which exists in .NET 6.0, .NET 5.0, and .NET CORE 3.1 when parsing certain types of http form requests.
Affected Software
- Any .NET 6.0 application running on .NET 6.0.2 or lower
- Any .NET 5.0 application running on .NET 5.0.14 or lower
- Any .NET Core 3.1 application running on .NET Core 3.1.22 or lower
Patches
To fix the issue, please install the latest version of .NET 6.0 or .NET 5.0 or .NET Core 3.1.. If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs.
-
If you're using .NET Core 6.0, you should download and install Runtime 6.0.3 or SDK 6.0.201 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0.
-
If you're using .NET 5.0, you should download and install Runtime 5.0.15 or SDK 5.0.406 (for Visual Studio 2019 v16.11) or SDK 5.0.212 (for Visual Studio 2011 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/5.0.
-
If you're using .NET Core 3.1, you should download and install Runtime 3.1.23 or SDK 3.1.417 (for Visual Studio 2019 v16.7.26) from https://dotnet.microsoft.com/download/dotnet-core/5.0. .NET 6.0 and .NET 5.0 updates are also available from Microsoft Update. To access this either type "Check for updates" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates.
.NET 6.0 and .NET 5.0 and, .NET Core 3.1 updates are also available from Microsoft Update. To access this either type "Check for updates" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates.
Other Details
- Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/212
- An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/40598
- MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/ CVE-2022-24464
Severity ?
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-arm"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-musl-x64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.win-arm"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.win-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "3.1.5"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-musl-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-arm"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.win-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.win-arm"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-musl-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.osx-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.win-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.win-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-24464"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": true,
"github_reviewed_at": "2022-10-21T20:32:34Z",
"nvd_published_at": "2022-03-09T17:15:00Z",
"severity": "HIGH"
},
"details": "Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET CORE 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nMicrosoft is aware of a Denial of Service vulnerability, which exists in .NET 6.0, .NET 5.0, and .NET CORE 3.1 when parsing certain types of http form requests.\n\n### Affected Software\n\n* Any .NET 6.0 application running on .NET 6.0.2 or lower\n* Any .NET 5.0 application running on .NET 5.0.14 or lower\n* Any .NET Core 3.1 application running on .NET Core 3.1.22 or lower \n\n### Patches\nTo fix the issue, please install the latest version of .NET 6.0 or .NET 5.0 or .NET Core 3.1.. If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs.\n\n* If you\u0027re using .NET Core 6.0, you should download and install Runtime 6.0.3 or SDK 6.0.201 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0.\n\n* If you\u0027re using .NET 5.0, you should download and install Runtime 5.0.15 or SDK 5.0.406 (for Visual Studio 2019 v16.11) or SDK 5.0.212 (for Visual Studio 2011 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/5.0.\n\n* If you\u0027re using .NET Core 3.1, you should download and install Runtime 3.1.23 or SDK 3.1.417 (for Visual Studio 2019 v16.7.26) from https://dotnet.microsoft.com/download/dotnet-core/5.0.\n.NET 6.0 and .NET 5.0 updates are also available from Microsoft Update. To access this either type \"Check for updates\" in your Windows search, or open Settings, choose Update \u0026 Security and then click Check for Updates.\n\n.NET 6.0 and .NET 5.0 and, .NET Core 3.1 updates are also available from Microsoft Update. To access this either type \"Check for updates\" in your Windows search, or open Settings, choose Update \u0026 Security and then click Check for Updates.\n\n#### Other Details\n\n- Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/212\n- An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/40598\n- MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/ CVE-2022-24464",
"id": "GHSA-cw98-9j8w-wxv9",
"modified": "2022-10-21T20:32:34Z",
"published": "2022-10-21T20:32:34Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24464"
},
{
"type": "WEB",
"url": "https://github.com/dotnet/announcements/issues/212"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": ".NET Denial of Service Vulnerability"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…