⚠ Actively exploited

Added to CISA KEV on 2025-02-04. Federal agencies required to patch by 2025-02-25. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2024-29059

CWE-209 CWE-200 — Information Exposure12 documents11 sources

Severity

7.5HIGH

EPSS

93.8%

top 0.14%

CISA KEV

KEV

Added 2025-02-04

Due 2025-02-25

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Microsoft .net Framework 2.0 Service Pack 2 Microsoft Microsoft .net Framework 3.0 Service Pack 2 Microsoft Microsoft .net Framework 3.5 +9 more

Timeline

PublishedMar 23

KEV addedFeb 4

KEV dueFeb 25

Latest updateJan 12

CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

.NET Framework Information Disclosure Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages12 packages

▶CVEListV5microsoft/microsoft_.net_framework_3.53.5.0 — 3.0.50727.8976

▶CVEListV5microsoft/microsoft_.net_framework_4.84.8.0 — 4.8.04690.02

▶CVEListV5microsoft/microsoft_.net_framework_3.5.13.5.0 — 3.0.30729.8959

▶CVEListV5microsoft/microsoft_.net_framework_4.6.24.7.0 — 4.7.04081.03

▶CVEListV5microsoft/microsoft_.net_framework_3.5_and_4.84.8.0 — 4.8.04690.02

🔴Vulnerability Details

GHSA

GHSA-pg2q-wfgh-r323↗2024-03-23

▶

CVEList

.NET Framework Information Disclosure Vulnerability↗2024-03-22

▶

VulnCheck

Microsoft .NET Framework Information Disclosure Vulnerability↗2024

▶

💥Exploits & PoCs

Nuclei

.NET Framework - Leaking ObjRefs via HTTP .NET Remoting

▶

🔍Detection Rules

Suricata

ET EXPLOIT .NET Remoting BinaryServerFormatterSink ObjRef Leak (CVE-2024-29059)↗2024-09-26

▶

Suricata

ET EXPLOIT .NET Remoting SoapServerFormatterSink ObjRef Leak (CVE-2024-29059)↗2024-09-26

▶

📋Vendor Advisories

CISA

Microsoft .NET Framework Information Disclosure Vulnerability↗2025-02-04

▶

Red Hat

dotnet: .NET Framework Information Disclosure Vulnerability↗2024-03-23

▶

Microsoft

.NET Framework Information Disclosure Vulnerability↗2024-03-12

▶

💬Community

HackerOne

[███] .NET Framework ObjRefs Disclosure (CVE-2024-29059)↗2026-01-12

▶