First published: Wed Aug 02 2023
.NET and Visual Studio Denial of Service Vulnerability
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft ASP.NET Core | =2.1 | |
Microsoft .NET 6.0 | | |
ubuntu/dotnet6 | <6.0.121-0ubuntu1~23.04.1 | 6.0.121-0ubuntu1~23.04.1 |
ubuntu/dotnet6 | <6.0.21 | 6.0.21 |
ubuntu/dotnet6 | <6.0.121-0ubuntu1~22.04.1 | 6.0.121-0ubuntu1~22.04.1 |
ubuntu/dotnet7 | <7.0.110-0ubuntu1~23.04.1 | 7.0.110-0ubuntu1~23.04.1 |
ubuntu/dotnet7 | <7.0.10 | 7.0.10 |
ubuntu/dotnet7 | <7.0.110-0ubuntu1~22.04.1 | 7.0.110-0ubuntu1~22.04.1 |
redhat/.NET SDK | <6.0.121 | 6.0.121 |
redhat/.NET SDK | <7.0.110 | 7.0.110 |
redhat/.NET Runtime | <6.0.21 | 6.0.21 |
redhat/.NET Runtime | <7.0.10 | 7.0.10 |
Microsoft Visual Studio 2022 | =17.2 | |
Microsoft Visual Studio 2022 | =17.4 | |
Microsoft .NET | =6.0.0 | |
Microsoft .NET | =7.0.0 | |
Microsoft Visual Studio 2022 | >=17.2.0<17.2.18 | |
Microsoft Visual Studio 2022 | >=17.4.0<17.4.10 | |
Microsoft Visual Studio 2022 | >=17.6.0<17.6.6 | |
Microsoft .NET 7.0 | | |
Fedoraproject Fedora | =37 | |
Fedoraproject Fedora | =38 | |
nuget/Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets | <=2.1.39 | 2.1.40 |
nuget/Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv | <=2.1.39 | 2.1.40 |
nuget/Microsoft.AspNetCore.App.Runtime.win-x86 | >=6.0.0<=6.0.20 | 6.0.21 |
nuget/Microsoft.AspNetCore.App.Runtime.win-x64 | >=6.0.0<=6.0.20 | 6.0.21 |
nuget/Microsoft.AspNetCore.App.Runtime.win-arm64 | >=6.0.0<=6.0.20 | 6.0.21 |
nuget/Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv | >=6.0.0<=6.0.20 | 6.0.21 |
nuget/Microsoft.AspNetCore.App.Runtime.win-x86 | >=7.0.0<=7.0.9 | 7.0.10 |
nuget/Microsoft.AspNetCore.App.Runtime.win-x64 | >=7.0.0<=7.0.9 | 7.0.10 |
nuget/Microsoft.AspNetCore.App.Runtime.win-arm64 | >=7.0.0<=7.0.9 | 7.0.10 |
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
The vulnerability ID is CVE-2023-38180.
The severity of CVE-2023-38180 is high, with a severity value of 7.5.
The affected products include Microsoft Visual Studio 2022 (versions 17.2 and 17.6), .NET 6.0, and .NET 7.0.
To fix CVE-2023-38180, you can apply the necessary patches provided by Microsoft for the affected products (Visual Studio 2022, .NET 6.0, and .NET 7.0).
More information about CVE-2023-38180 can be found on the Microsoft Security Advisory page and the Debian security tracker.