CVE-2022-24512: .NET and Visual Studio Remote Code Execution Vulnerability
First published: Tue Mar 08 2022(Updated: )
.NET and Visual Studio Remote Code Execution Vulnerability
Credit: secure@microsoft.com secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft .NET 6.0 | ||
| nuget/Microsoft.NETCore.App.Runtime.win-x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.win-x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.win-arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.win-arm | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.osx-x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.osx-arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.win-x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.win-x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.osx-x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.osx-arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.linux-x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.linux-arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.linux-arm | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.linux-x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.linux-musl-x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.linux-musl-arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.linux-musl-arm | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.linux-arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.linux-arm | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm.Msi.x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86.Msi.x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64.Msi.x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64.Msi.x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm.Msi.x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvos-arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-x64 | >=6.0.0<6.0.3 | 6.0.3 |
| nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-arm64 | >=6.0.0<6.0.3 | 6.0.3 |
| Microsoft PowerShell | ||
| Microsoft PowerShell | ||
| Microsoft PowerShell | ||
| Microsoft Visual Studio 2019 | =16.7 | |
| Microsoft Visual Studio 2019 | =16.9 | |
| Microsoft Visual Studio 2019 | =16.11 | |
| Microsoft .NET 5.0 | ||
| Microsoft .NET Core Runtime | =3.1 | |
| Microsoft .NET Framework | =5.0 | |
| Microsoft .NET Framework | =6.0.0 | |
| Microsoft .NET Core Runtime | =3.1 | |
| Windows PowerShell | >=7.0<7.0.9 | |
| Windows PowerShell | >=7.1<7.1.6 | |
| Windows PowerShell | >=7.2<7.2.2 | |
| Visual Studio Enterprise 2019 | >=16.0<=16.6.4 | |
| Visual Studio Enterprise 2019 | >=16.7.0<16.7.26 | |
| Visual Studio Enterprise 2019 | >=16.8.0<=16.8.7 | |
| Visual Studio Enterprise 2019 | >=16.9.0<16.9.18 | |
| Visual Studio Enterprise 2019 | >=16.10.0<=16.10.4 | |
| Visual Studio Enterprise 2019 | >=16.11.0<16.11.11 | |
| Visual Studio Community 2022 | >=17.0<17.0.7 | |
| Red Hat Fedora | =34 | |
| Red Hat Fedora | =35 | |
| Red Hat Fedora | =36 | |
| Visual Studio Community 2022 | =17.0 | |
| Visual Studio Community 2022 | >=17.0.0<17.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512 (Advisory)
- https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9
- https://nvd.nist.gov/vuln/detail/CVE-2022-24512
- https://github.com/dotnet/announcements/issues/213
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512
- https://github.com/advisories/GHSA-c6w8-7mp3-34j9 (Advisory)
Frequently Asked Questions
What is CVE-2022-24512?
CVE-2022-24512 is a .NET and Visual Studio remote code execution vulnerability.
How severe is CVE-2022-24512?
CVE-2022-24512 has a severity level of 6.3 (high).
Which software versions are affected by CVE-2022-24512?
CVE-2022-24512 affects Visual Studio 2019 versions 16.0 - 16.10, Visual Studio 2022 version 17.0, .NET 6.0, PowerShell 7.2, .NET 5.0, .NET Core 3.1, Visual Studio 2019 versions 16.0 - 16.6, PowerShell 7.1, and Visual Studio 2019 versions 16.0 - 16.8.
How can I fix CVE-2022-24512?
To fix CVE-2022-24512, update to Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.0, .NET 6.0, PowerShell 7.2, .NET 5.0, .NET Core 3.1, Visual Studio 2019 version 16.7, PowerShell 7.1, or Visual Studio 2019 version 16.9.
Where can I find more information about CVE-2022-24512?
You can find more information about CVE-2022-24512 at the following reference link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512
- collector/msrc
- agent/type
- agent/first-publish-date
- collector/msrc-cve
- source/Microsoft
- agent/title
- agent/remedy
- agent/software-canonical-lookup
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-c6w8-7mp3-34j9
- alias/CVE-2022-24512
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/author
- collector/github-advisory
- agent/event
- agent/trending
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft .net 6.0
- package-manager/nuget
- canonical/microsoft powershell
- canonical/microsoft visual studio 2019
- version/microsoft visual studio 2019/16.7
- version/microsoft visual studio 2019/16.9
- version/microsoft visual studio 2019/16.11
- canonical/microsoft .net 5.0
- canonical/microsoft .net core runtime
- version/microsoft .net core runtime/3.1
- canonical/microsoft .net framework
- version/microsoft .net framework/5.0
- version/microsoft .net framework/6.0.0
- canonical/windows powershell
- version/windows powershell/7.0
- version/windows powershell/7.1
- version/windows powershell/7.2
- canonical/visual studio enterprise 2019
- version/visual studio enterprise 2019/16.0
- version/visual studio enterprise 2019/16.6.4
- version/visual studio enterprise 2019/16.7.0
- version/visual studio enterprise 2019/16.8.0
- version/visual studio enterprise 2019/16.8.7
- version/visual studio enterprise 2019/16.9.0
- version/visual studio enterprise 2019/16.10.0
- version/visual studio enterprise 2019/16.10.4
- version/visual studio enterprise 2019/16.11.0
- canonical/visual studio community 2022
- version/visual studio community 2022/17.0
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/34
- version/red hat fedora/35
- version/red hat fedora/36
- version/visual studio community 2022/17.0.0