What is CVE-2022-38013?

CVE-2022-38013 is a denial of service vulnerability in .NET Core and Visual Studio.

Which software is affected by CVE-2022-38013?

The affected software includes Microsoft .NET 6.0.0, Microsoft .NET Core 3.1, Microsoft Visual Studio 2019 versions 16.9 and 16.11, and Microsoft Visual Studio 2022 versions 17.0, 17.2, and 17.3.

What is the severity of CVE-2022-38013?

CVE-2022-38013 has a severity rating of high (7.5).

How can I fix CVE-2022-38013?

To fix CVE-2022-38013, it is recommended to update to the latest versions of the affected software.

Where can I find more information about CVE-2022-38013?

You can find more information about CVE-2022-38013 at the following references: [link 1](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY/), [link 2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE/), [link 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y/)

Vulnerability/
CVE-2022-38013

high

7.5

13/9/2022

15/9/2022

3/8/2024

CVE-2022-38013: .NET Core and Visual Studio Denial of Service Vulnerability

First published: Tue Sep 13 2022(Updated: )

.NET Core and Visual Studio Denial of Service Vulnerability

Credit: secure@microsoft.com secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft .NET	=6.0.0
Microsoft .NET Core	=3.1
Microsoft Visual Studio 2019	=16.9
Microsoft Visual Studio 2019	=16.11
Microsoft Visual Studio 2022	=17.0
Microsoft Visual Studio 2022	=17.2
Microsoft Visual Studio 2022	=17.3
Microsoft Visual Studio 2022	=17.3
Fedoraproject Fedora	=35
Fedoraproject Fedora	=36
Fedoraproject Fedora	=37
nuget/Microsoft.AspNetCore.App.Runtime.win-x86	>=5.0.0<6.0.9	6.0.9
nuget/Microsoft.AspNetCore.App.Runtime.win-x64	>=5.0.0<6.0.9	6.0.9
nuget/Microsoft.AspNetCore.App.Runtime.win-arm64	>=5.0.0<6.0.9	6.0.9
nuget/Microsoft.AspNetCore.App.Runtime.win-arm	>=5.0.0<6.0.9	6.0.9
nuget/Microsoft.AspNetCore.App.Runtime.osx-x64	>=5.0.0<6.0.9	6.0.9
nuget/Microsoft.AspNetCore.App.Runtime.osx-arm64	>=5.0.0<6.0.9	6.0.9
nuget/Microsoft.AspNetCore.App.Runtime.linux-x64	>=5.0.0<6.0.9	6.0.9
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-x64	>=5.0.0<6.0.9	6.0.9
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64	>=5.0.0<6.0.9	6.0.9
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm	>=5.0.0<6.0.9	6.0.9
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm64	>=5.0.0<6.0.9	6.0.9
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm	>=5.0.0<6.0.9	6.0.9
nuget/Microsoft.AspNetCore.App.Runtime.win-x86	>=3.1.0<3.1.29	3.1.29
nuget/Microsoft.AspNetCore.App.Runtime.win-x64	>=3.1.0<3.1.29	3.1.29
nuget/Microsoft.AspNetCore.App.Runtime.win-arm64	>=3.1.0<3.1.29	3.1.29
nuget/Microsoft.AspNetCore.App.Runtime.win-arm	>=3.1.0<3.1.29	3.1.29
nuget/Microsoft.AspNetCore.App.Runtime.osx-x64	>=3.1.0<3.1.29	3.1.29
nuget/Microsoft.AspNetCore.App.Runtime.linux-x64	>=3.1.0<3.1.29	3.1.29
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-x64	>=3.1.0<3.1.29	3.1.29
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64	>=3.1.0<3.1.29	3.1.29
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm64	>=3.1.0<3.1.29	3.1.29
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm	>=3.1.0<3.1.29	3.1.29

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-38013?
CVE-2022-38013 is a denial of service vulnerability in .NET Core and Visual Studio.
Which software is affected by CVE-2022-38013?
The affected software includes Microsoft .NET 6.0.0, Microsoft .NET Core 3.1, Microsoft Visual Studio 2019 versions 16.9 and 16.11, and Microsoft Visual Studio 2022 versions 17.0, 17.2, and 17.3.
What is the severity of CVE-2022-38013?
CVE-2022-38013 has a severity rating of high (7.5).
How can I fix CVE-2022-38013?
To fix CVE-2022-38013, it is recommended to update to the latest versions of the affected software.
Where can I find more information about CVE-2022-38013?
You can find more information about CVE-2022-38013 at the following references: [link 1](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY/), [link 2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE/), [link 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y/)

collector/github-advisory-latest
alias/GHSA-r8m2-4x37-6592
alias/CVE-2022-38013
collector/github-advisory
agent/type
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
collector/nvd-cve
agent/software-canonical-lookup-request
collector/nvd-index
collector/nvd-api
agent/references
agent/severity
agent/author
agent/remedy
agent/title
agent/tags
agent/description
agent/event
collector/mitre-cve
source/MITRE
package-manager/nuget
vendor/microsoft
canonical/microsoft .net
version/microsoft .net/6.0.0
canonical/microsoft .net core
version/microsoft .net core/3.1
canonical/microsoft visual studio 2019
version/microsoft visual studio 2019/16.9
version/microsoft visual studio 2019/16.11
canonical/microsoft visual studio 2022
version/microsoft visual studio 2022/17.0
version/microsoft visual studio 2022/17.2
version/microsoft visual studio 2022/17.3
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/35
version/fedoraproject fedora/36
version/fedoraproject fedora/37