What is the severity of CVE-2024-38229?

CVE-2024-38229 is classified with a high severity rating due to its potential for remote code execution.

How do I fix CVE-2024-38229?

To fix CVE-2024-38229, update your Visual Studio 2022 to version 17.10 or later, or update .NET 8.0 to version 8.0.10 or later.

Which versions of Visual Studio are affected by CVE-2024-38229?

CVE-2024-38229 affects Visual Studio 2022 versions 17.6, 17.8, and 17.10.

Is .NET 8.0 affected by CVE-2024-38229?

Yes, .NET 8.0 installed on Windows, Linux, and Mac OS is affected by CVE-2024-38229.

What type of vulnerability is CVE-2024-38229?

CVE-2024-38229 is a remote code execution vulnerability that can allow an attacker to execute arbitrary code on affected systems.

Vulnerability/
CVE-2024-38229

high

8.1

CWE

416 362

2/10/2024

8/10/2024

29/1/2025

CVE-2024-38229: .NET and Visual Studio Remote Code Execution Vulnerability

First published: Wed Oct 02 2024(Updated: )

.NET and Visual Studio Remote Code Execution Vulnerability

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
nuget/Microsoft.AspNetCore.App.Runtime.win-x86	>=8.0.0<=8.0.8	8.0.10
nuget/Microsoft.AspNetCore.App.Runtime.win-x86	>=9.0.0-preview.1.24081.5<=9.0.0-rc.1.24452.1	9.0.0-rc.2.24474.3
nuget/Microsoft.AspNetCore.App.Runtime.win-x64	>=8.0.0<=8.0.8	8.0.10
nuget/Microsoft.AspNetCore.App.Runtime.win-x64	>=9.0.0-preview.1.24081.5<=9.0.0-rc.1.24452.1	9.0.0-rc.2.24474.3
nuget/Microsoft.AspNetCore.App.Runtime.win-arm64	>=8.0.0<=8.0.8	8.0.10
nuget/Microsoft.AspNetCore.App.Runtime.win-arm64	>=9.0.0-preview.1.24081.5<=9.0.0-rc.1.24452.1	9.0.0-rc.2.24474.3
nuget/Microsoft.AspNetCore.App.Runtime.win-arm	>=8.0.0<=8.0.8	8.0.10
nuget/Microsoft.AspNetCore.App.Runtime.win-arm	>=9.0.0-preview.1.24081.5<=9.0.0-rc.1.24452.1	9.0.0-rc.2.24474.3
nuget/Microsoft.AspNetCore.App.Runtime.osx-x64	>=8.0.0<=8.0.8	8.0.10
nuget/Microsoft.AspNetCore.App.Runtime.osx-x64	>=9.0.0-preview.1.24081.5<=9.0.0-rc.1.24452.1	9.0.0-rc.2.24474.3
nuget/Microsoft.AspNetCore.App.Runtime.osx-arm64	>=8.0.0<=8.0.8	8.0.10
nuget/Microsoft.AspNetCore.App.Runtime.osx-arm64	>=9.0.0-preview.1.24081.5<=9.0.0-rc.1.24452.1	9.0.0-rc.2.24474.3
nuget/Microsoft.AspNetCore.App.Runtime.linux-x64	>=8.0.0<=8.0.8	8.0.10
nuget/Microsoft.AspNetCore.App.Runtime.linux-x64	>=9.0.0-preview.1.24081.5<=9.0.0-rc.1.24452.1	9.0.0-rc.2.24474.3
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-x64	>=8.0.0<=8.0.8	8.0.10
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-x64	>=9.0.0-preview.1.24081.5<=9.0.0-rc.1.24452.1	9.0.0-rc.2.24474.3
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64	>=8.0.0<=8.0.8	8.0.10
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64	>=9.0.0-preview.1.24081.5<=9.0.0-rc.1.24452.1	9.0.0-rc.2.24474.3
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm	>=8.0.0<=8.0.8	8.0.10
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm	>=9.0.0-preview.1.24081.5<=9.0.0-rc.1.24452.1	9.0.0-rc.2.24474.3
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm64	>=8.0.0<=8.0.8	8.0.10
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm64	>=9.0.0-preview.1.24081.5<=9.0.0-rc.1.24452.1	9.0.0-rc.2.24474.3
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm	>=8.0.0<=8.0.8	8.0.10
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm	>=9.0.0-preview.1.24081.5<=9.0.0-rc.1.24452.1	9.0.0-rc.2.24474.3
Microsoft .NET 8.0		fix available externally
Microsoft Visual Studio	=17.10	fix available externally
Microsoft Visual Studio	=17.8	fix available externally
Microsoft Visual Studio	=17.6	fix available externally
Microsoft .NET 8.0		fix available externally
Microsoft .NET 8.0		fix available externally
Microsoft Visual Studio	>=17.6.0<17.6.20
Microsoft Visual Studio	>=17.8.0<17.8.15
Microsoft Visual Studio	>=17.10.0<17.10.8
Microsoft Visual Studio	>=17.11.0<17.11.5
All of
Microsoft .NET Framework	>=8.0.0<8.0.10
Any of
Apple iOS and macOS
Linux kernel
Microsoft Windows

Remedy

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38229

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-38229?
CVE-2024-38229 is classified with a high severity rating due to its potential for remote code execution.
How do I fix CVE-2024-38229?
To fix CVE-2024-38229, update your Visual Studio 2022 to version 17.10 or later, or update .NET 8.0 to version 8.0.10 or later.
Which versions of Visual Studio are affected by CVE-2024-38229?
CVE-2024-38229 affects Visual Studio 2022 versions 17.6, 17.8, and 17.10.
Is .NET 8.0 affected by CVE-2024-38229?
Yes, .NET 8.0 installed on Windows, Linux, and Mac OS is affected by CVE-2024-38229.
What type of vulnerability is CVE-2024-38229?
CVE-2024-38229 is a remote code execution vulnerability that can allow an attacker to execute arbitrary code on affected systems.

agent/title
agent/type
agent/author
agent/severity
agent/references
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-7vw9-cfwx-9gx9
alias/CVE-2024-38229
agent/software-canonical-lookup
agent/weakness
collector/msrc
source/Microsoft
collector/msrc-cve
collector/usn-cve
source/Ubuntu
agent/description
collector/security-tracker-debian
source/Debian
collector/redhat-bugzilla
source/Red Hat
collector/github-advisory
agent/remedy
agent/event
agent/trending
agent/source
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/softwarecombine
agent/software-canonical-lookup-request
collector/nvd-cve
source/NVD
collector/nvd-api
package-manager/nuget
vendor/microsoft
canonical/microsoft .net 8.0
canonical/microsoft visual studio
version/microsoft visual studio/17.10
version/microsoft visual studio/17.8
version/microsoft visual studio/17.11
version/microsoft visual studio/17.6
version/microsoft visual studio/17.6.0
version/microsoft visual studio/17.8.0
version/microsoft visual studio/17.10.0
version/microsoft visual studio/17.11.0
canonical/microsoft .net framework
version/microsoft .net framework/8.0.0
vendor/apple
canonical/apple ios and macos
vendor/linux
canonical/linux kernel
canonical/microsoft windows