What is the vulnerability ID?

The vulnerability ID is CVE-2022-23267.

What is the severity of CVE-2022-23267?

The severity of CVE-2022-23267 is high with a severity value of 7.5.

Which software is affected by CVE-2022-23267?

The software affected by CVE-2022-23267 includes Microsoft .NET 5.0, Microsoft .NET 6.0.0, Microsoft .NET Core 3.1, Microsoft Powershell versions 7.0 to 7.0.11 and 7.2 to 7.2.4, Microsoft Visual Studio 2019 versions 16.0 to 16.9.21 and 16.10 to 16.11.14, and Microsoft Visual Studio 2022 versions 17.0 and 17.1.

What is the description of CVE-2022-23267?

CVE-2022-23267 is a Denial of Service vulnerability in .NET and Visual Studio.

How can I fix CVE-2022-23267?

There is currently no fix available for CVE-2022-23267. It is recommended to follow the security advisories from the software vendors for updates or patches.

Vulnerability/
CVE-2022-23267

high

7.5

CWE

400

10/5/2022

21/10/2022

3/8/2024

CVE-2022-23267: .NET and Visual Studio Denial of Service Vulnerability

First published: Tue May 10 2022(Updated: )

.NET and Visual Studio Denial of Service Vulnerability

Credit: secure@microsoft.com secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
nuget/Microsoft.AspNetCore.App.Runtime.win-x86	>=6.0.0<6.0.5	6.0.5
nuget/Microsoft.AspNetCore.App.Runtime.win-x64	>=6.0.0<6.0.5	6.0.5
nuget/Microsoft.AspNetCore.App.Runtime.win-arm64	>=6.0.0<6.0.5	6.0.5
nuget/Microsoft.AspNetCore.App.Runtime.win-arm	>=6.0.0<6.0.5	6.0.5
nuget/Microsoft.AspNetCore.App.Runtime.osx-x64	>=6.0.0<6.0.5	6.0.5
nuget/Microsoft.AspNetCore.App.Runtime.osx-arm64	>=6.0.0<6.0.5	6.0.5
nuget/Microsoft.AspNetCore.App.Runtime.linux-x64	>=6.0.0<6.0.5	6.0.5
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-x64	>=6.0.0<6.0.5	6.0.5
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64	>=6.0.0<6.0.5	6.0.5
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm	>=6.0.0<6.0.5	6.0.5
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm64	>=6.0.0<6.0.5	6.0.5
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm	>=6.0.0<6.0.5	6.0.5
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm	>=5.0.1<5.0.17	5.0.17
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64	>=5.0.0<5.0.17	5.0.17
nuget/Microsoft.AspNetCore.App.Runtime.win-arm	>=5.0.0<5.0.17	5.0.17
nuget/Microsoft.AspNetCore.App.Runtime.win-arm64	>=5.0.0<5.0.17	5.0.17
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm	>=5.0.0<5.0.17	5.0.17
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm64	>=5.0.0<5.0.17	5.0.17
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-x64	>=5.0.0<5.0.17	5.0.17
nuget/Microsoft.AspNetCore.App.Runtime.osx-x64	>=5.0.0<5.0.17	5.0.17
nuget/Microsoft.AspNetCore.App.Runtime.win-x86	>=5.0.0<5.0.17	5.0.17
nuget/Microsoft.AspNetCore.App.Runtime.linux-x64	>=5.0.0<5.0.17	5.0.17
nuget/Microsoft.AspNetCore.App.Runtime.win-x64	>=5.0.0<5.0.17	5.0.17
nuget/Microsoft.AspNetCore.App.Runtime.win-x86	>=3.0.0<3.1.25	3.1.25
nuget/Microsoft.AspNetCore.App.Runtime.win-x64	>=3.0.0<3.1.25	3.1.25
nuget/Microsoft.AspNetCore.App.Runtime.win-arm64	>=3.0.0<3.1.25	3.1.25
nuget/Microsoft.AspNetCore.App.Runtime.win-arm	>=3.0.0<3.1.25	3.1.25
nuget/Microsoft.AspNetCore.App.Runtime.osx-x64	>=3.0.0<3.1.25	3.1.25
nuget/Microsoft.AspNetCore.App.Runtime.linux-x64	>=3.0.0<3.1.25	3.1.25
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-x64	>=3.0.0<3.1.25	3.1.25
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64	>=3.0.0<3.1.25	3.1.25
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm64	>=3.0.0<3.1.25	3.1.25
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm	>=3.0.0<3.1.25	3.1.25
Microsoft .NET	=5.0
Microsoft .NET	=6.0.0
Microsoft .NET Core	=3.1
Microsoft PowerShell	>=7.0<7.0.11
Microsoft PowerShell	>=7.2<7.2.4
Microsoft Visual Studio 2019	>=16.0<16.9.21
Microsoft Visual Studio 2019	>=16.10<16.11.14
Microsoft Visual Studio 2022	=17.0
Microsoft Visual Studio 2022	=17.1
Fedoraproject Fedora	=34
Fedoraproject Fedora	=35
Fedoraproject Fedora	=36

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2022-23267.
What is the severity of CVE-2022-23267?
The severity of CVE-2022-23267 is high with a severity value of 7.5.
Which software is affected by CVE-2022-23267?
The software affected by CVE-2022-23267 includes Microsoft .NET 5.0, Microsoft .NET 6.0.0, Microsoft .NET Core 3.1, Microsoft Powershell versions 7.0 to 7.0.11 and 7.2 to 7.2.4, Microsoft Visual Studio 2019 versions 16.0 to 16.9.21 and 16.10 to 16.11.14, and Microsoft Visual Studio 2022 versions 17.0 and 17.1.
What is the description of CVE-2022-23267?
CVE-2022-23267 is a Denial of Service vulnerability in .NET and Visual Studio.
How can I fix CVE-2022-23267?
There is currently no fix available for CVE-2022-23267. It is recommended to follow the security advisories from the software vendors for updates or patches.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
agent/weakness
collector/github-advisory
alias/GHSA-485p-mrj5-8w2v
alias/CVE-2022-23267
collector/github-advisory-latest
collector/mitre-cve
source/MITRE
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-cve
collector/nvd-index
package-manager/nuget
vendor/microsoft
canonical/microsoft .net
version/microsoft .net/5.0
version/microsoft .net/6.0.0
canonical/microsoft .net core
version/microsoft .net core/3.1
canonical/microsoft powershell
version/microsoft powershell/7.0
version/microsoft powershell/7.2
canonical/microsoft visual studio 2019
version/microsoft visual studio 2019/16.0
version/microsoft visual studio 2019/16.10
canonical/microsoft visual studio 2022
version/microsoft visual studio 2022/17.0
version/microsoft visual studio 2022/17.1
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/34
version/fedoraproject fedora/35
version/fedoraproject fedora/36