First published: Tue Sep 13 2022(Updated: )
.NET Core and Visual Studio Denial of Service Vulnerability
Credit: secure@microsoft.com secure@microsoft.com secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft .NET | =6.0.0 | |
Microsoft .NET Core | =3.1 | |
Microsoft Visual Studio 2019 | =16.9 | |
Microsoft Visual Studio 2019 | =16.11 | |
Microsoft Visual Studio 2022 | =17.0 | |
Microsoft Visual Studio 2022 | =17.2 | |
Microsoft Visual Studio 2022 | =17.3 | |
Microsoft Visual Studio 2022 | =17.3 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 | |
nuget/Microsoft.AspNetCore.App.Runtime.win-x86 | >=5.0.0<6.0.9 | 6.0.9 |
nuget/Microsoft.AspNetCore.App.Runtime.win-x64 | >=5.0.0<6.0.9 | 6.0.9 |
nuget/Microsoft.AspNetCore.App.Runtime.win-arm64 | >=5.0.0<6.0.9 | 6.0.9 |
nuget/Microsoft.AspNetCore.App.Runtime.win-arm | >=5.0.0<6.0.9 | 6.0.9 |
nuget/Microsoft.AspNetCore.App.Runtime.osx-x64 | >=5.0.0<6.0.9 | 6.0.9 |
nuget/Microsoft.AspNetCore.App.Runtime.osx-arm64 | >=5.0.0<6.0.9 | 6.0.9 |
nuget/Microsoft.AspNetCore.App.Runtime.linux-x64 | >=5.0.0<6.0.9 | 6.0.9 |
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-x64 | >=5.0.0<6.0.9 | 6.0.9 |
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | >=5.0.0<6.0.9 | 6.0.9 |
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm | >=5.0.0<6.0.9 | 6.0.9 |
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm64 | >=5.0.0<6.0.9 | 6.0.9 |
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm | >=5.0.0<6.0.9 | 6.0.9 |
nuget/Microsoft.AspNetCore.App.Runtime.win-x86 | >=3.1.0<3.1.29 | 3.1.29 |
nuget/Microsoft.AspNetCore.App.Runtime.win-x64 | >=3.1.0<3.1.29 | 3.1.29 |
nuget/Microsoft.AspNetCore.App.Runtime.win-arm64 | >=3.1.0<3.1.29 | 3.1.29 |
nuget/Microsoft.AspNetCore.App.Runtime.win-arm | >=3.1.0<3.1.29 | 3.1.29 |
nuget/Microsoft.AspNetCore.App.Runtime.osx-x64 | >=3.1.0<3.1.29 | 3.1.29 |
nuget/Microsoft.AspNetCore.App.Runtime.linux-x64 | >=3.1.0<3.1.29 | 3.1.29 |
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-x64 | >=3.1.0<3.1.29 | 3.1.29 |
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | >=3.1.0<3.1.29 | 3.1.29 |
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm64 | >=3.1.0<3.1.29 | 3.1.29 |
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm | >=3.1.0<3.1.29 | 3.1.29 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-38013 is a denial of service vulnerability in .NET Core and Visual Studio.
The affected software includes Microsoft .NET 6.0.0, Microsoft .NET Core 3.1, Microsoft Visual Studio 2019 versions 16.9 and 16.11, and Microsoft Visual Studio 2022 versions 17.0, 17.2, and 17.3.
CVE-2022-38013 has a severity rating of high (7.5).
To fix CVE-2022-38013, it is recommended to update to the latest versions of the affected software.
You can find more information about CVE-2022-38013 at the following references: [link 1](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY/), [link 2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE/), [link 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y/)