CVE-2023-38171

CWE-476NULL Pointer DereferenceCWE-400Uncontrolled Resource Consumption5 documents5 sources
Severity
7.5HIGH
No vector
EPSS
9.0%
top 7.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Microsoft .net 7.0Microsoft Microsoft Visual Studio 2022 Version 17.2Microsoft Microsoft Visual Studio 2022 Version 17.4+6 more
Timeline
PublishedOct 10

Description

Microsoft QUIC Denial of Service Vulnerability Microsoft QUIC Denial of Service Vulnerability

Affected Packages11 packages

CVEListV5microsoft/.net_7.07.0.07.0.13
CVEListV5microsoft/powershell_7.37.3.07.3.9
CVEListV5microsoft/windows_server_202210.0.20348.010.0.20348.2031

🔴Vulnerability Details

3
CVEList
Microsoft QUIC Denial of Service Vulnerability2023-10-10
OSV
Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel2023-10-10
GHSA
Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel2023-10-10

📋Vendor Advisories

2
Red Hat
dotnet: NULL pointer dereference in MsQuic.dll may lead to denial of service2023-10-10
Microsoft
Microsoft QUIC Denial of Service Vulnerability2023-10-10
CVE-2023-38171 (HIGH CVSS 7.5) | Microsoft QUIC Denial of Service Vu | cvebase.io