CVE-2023-38178

CWE-400 — Uncontrolled Resource Consumption10 documents7 sources

Severity

7.5HIGH

EPSS

1.8%

top 17.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft .net 6.0 Microsoft Microsoft Visual Studio 2022 Version 17.2 Microsoft Microsoft Visual Studio 2022 Version 17.4 +2 more

Timeline

PublishedAug 8

Latest updateAug 10

Description

.NET Core and Visual Studio Denial of Service Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages15 packages

▶NVDmicrosoft/visual_studio_202217.2.0 — 17.2.18+1

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.217.2.0 — 17.2.18

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.417.4.0 — 17.4.10

▶NuGetMicrosoft.NetCore.App.Runtime.win-arm7.0.0 — 7.0.10

▶NuGetMicrosoft.NetCore.App.Runtime.win-x647.0.0 — 7.0.10

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

dotnet6, dotnet7 vulnerabilities↗2023-08-10

▶

OSV

.NET Denial of Service Vulnerability↗2023-08-09

▶

GHSA

.NET Denial of Service Vulnerability↗2023-08-09

▶

CVEList

.NET Core and Visual Studio Denial of Service Vulnerability↗2023-08-08

▶

OSV

CVE-2023-38178↗2023-08-08

▶

📋Vendor Advisories

Ubuntu

.NET vulnerabilities↗2023-08-10

▶

Microsoft

.NET Core and Visual Studio Denial of Service Vulnerability↗2023-08-08

▶

Ubuntu

.NET vulnerabilities↗2023-08-08

▶

Red Hat

dotnet: ASP.NET Kestrel stream flow control leads to Denial of Service↗2023-08-08

▶