What is the severity of CVE-2023-35390?

.NET vulnerabilities are classified as critical, which indicates a high risk of exploitation and potential for remote code execution.

How does CVE-2023-35390 impact Ubuntu 23.04?

CVE-2023-35390 affects .NET packages in Ubuntu 23.04, including aspnetcore-runtime-6.0, aspnetcore-runtime-7.0, dotnet-host, dotnet-host-7.0, dotnet-hostfxr-6.0, dotnet-hostfxr-7.0, dotnet-runtime-6.0, dotnet-runtime-7.0, dotnet-sdk-6.0, dotnet-sdk-7.0, dotnet6, and dotnet7.

How can I fix the CVE-2023-35390 vulnerability in Ubuntu 23.04?

To fix the vulnerability, update the affected .NET packages to the remedy versions provided by Ubuntu: aspnetcore-runtime-6.0 (6.0.121-0ubuntu1~23.04.1), aspnetcore-runtime-7.0 (7.0.110-0ubuntu1~23.04.1), dotnet-host (6.0.121-0ubuntu1~23.04.1), dotnet-host-7.0 (7.0.110-0ubuntu1~23.04.1), dotnet-hostfxr-6.0 (6.0.121-0ubuntu1~23.04.1), dotnet-hostfxr-7.0 (7.0.110-0ubuntu1~23.04.1), dotnet-runtime-6.0 (6.0.121-0ubuntu1~23.04.1), dotnet-runtime-7.0 (7.0.110-0ubuntu1~23.04.1), dotnet-sdk-6.0 (6.0.121-0ubuntu1~23.04.1), dotnet-sdk-7.0 (7.0.110-0ubuntu1~23.04.1), dotnet6 (6.0.121-0ubuntu1~23.04.1), and dotnet7 (7.0.110-0ubuntu1~23.04.1).

Where can I find more information about CVE-2023-35390?

More information about CVE-2023-35390 can be found at the following link: [CVE-2023-35390](https://ubuntu.com/security/CVE-2023-35390).

Are there any other related vulnerabilities?

Yes, there are other related vulnerabilities: CVE-2023-38180 and CVE-2023-38178. More information about these vulnerabilities can be found at the following links: [CVE-2023-38180](https://ubuntu.com/security/CVE-2023-38180) and [CVE-2023-38178](https://ubuntu.com/security/CVE-2023-38178).

Vulnerability/
USN-6278-1

8/8/2023

USN-6278-1: .NET vulnerabilities

First published: Tue Aug 08 2023(Updated: )

It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. (CVE-2023-35390) Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-38178) It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a Kestrel server. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-38180)

Affected Software	Affected Version	How to fix
All of
ubuntu/aspnetcore-runtime-6.0	<6.0.121-0ubuntu1~23.04.1	6.0.121-0ubuntu1~23.04.1
	=23.04
All of
ubuntu/aspnetcore-runtime-7.0	<7.0.110-0ubuntu1~23.04.1	7.0.110-0ubuntu1~23.04.1
	=23.04
All of
ubuntu/dotnet-host	<6.0.121-0ubuntu1~23.04.1	6.0.121-0ubuntu1~23.04.1
	=23.04
All of
ubuntu/dotnet-host-7.0	<7.0.110-0ubuntu1~23.04.1	7.0.110-0ubuntu1~23.04.1
	=23.04
All of
ubuntu/dotnet-hostfxr-6.0	<6.0.121-0ubuntu1~23.04.1	6.0.121-0ubuntu1~23.04.1
	=23.04
All of
ubuntu/dotnet-hostfxr-7.0	<7.0.110-0ubuntu1~23.04.1	7.0.110-0ubuntu1~23.04.1
	=23.04
All of
ubuntu/dotnet-runtime-6.0	<6.0.121-0ubuntu1~23.04.1	6.0.121-0ubuntu1~23.04.1
	=23.04
All of
ubuntu/dotnet-runtime-7.0	<7.0.110-0ubuntu1~23.04.1	7.0.110-0ubuntu1~23.04.1
	=23.04
All of
ubuntu/dotnet-sdk-6.0	<6.0.121-0ubuntu1~23.04.1	6.0.121-0ubuntu1~23.04.1
	=23.04
All of
ubuntu/dotnet-sdk-7.0	<7.0.110-0ubuntu1~23.04.1	7.0.110-0ubuntu1~23.04.1
	=23.04
All of
ubuntu/dotnet6	<6.0.121-0ubuntu1~23.04.1	6.0.121-0ubuntu1~23.04.1
	=23.04
All of
ubuntu/dotnet7	<7.0.110-0ubuntu1~23.04.1	7.0.110-0ubuntu1~23.04.1
	=23.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2023-35390?
.NET vulnerabilities are classified as critical, which indicates a high risk of exploitation and potential for remote code execution.
How does CVE-2023-35390 impact Ubuntu 23.04?
CVE-2023-35390 affects .NET packages in Ubuntu 23.04, including aspnetcore-runtime-6.0, aspnetcore-runtime-7.0, dotnet-host, dotnet-host-7.0, dotnet-hostfxr-6.0, dotnet-hostfxr-7.0, dotnet-runtime-6.0, dotnet-runtime-7.0, dotnet-sdk-6.0, dotnet-sdk-7.0, dotnet6, and dotnet7.
How can I fix the CVE-2023-35390 vulnerability in Ubuntu 23.04?
To fix the vulnerability, update the affected .NET packages to the remedy versions provided by Ubuntu: aspnetcore-runtime-6.0 (6.0.121-0ubuntu1~23.04.1), aspnetcore-runtime-7.0 (7.0.110-0ubuntu1~23.04.1), dotnet-host (6.0.121-0ubuntu1~23.04.1), dotnet-host-7.0 (7.0.110-0ubuntu1~23.04.1), dotnet-hostfxr-6.0 (6.0.121-0ubuntu1~23.04.1), dotnet-hostfxr-7.0 (7.0.110-0ubuntu1~23.04.1), dotnet-runtime-6.0 (6.0.121-0ubuntu1~23.04.1), dotnet-runtime-7.0 (7.0.110-0ubuntu1~23.04.1), dotnet-sdk-6.0 (6.0.121-0ubuntu1~23.04.1), dotnet-sdk-7.0 (7.0.110-0ubuntu1~23.04.1), dotnet6 (6.0.121-0ubuntu1~23.04.1), and dotnet7 (7.0.110-0ubuntu1~23.04.1).
Where can I find more information about CVE-2023-35390?
More information about CVE-2023-35390 can be found at the following link: [CVE-2023-35390](https://ubuntu.com/security/CVE-2023-35390).
Are there any other related vulnerabilities?
Yes, there are other related vulnerabilities: CVE-2023-38180 and CVE-2023-38178. More information about these vulnerabilities can be found at the following links: [CVE-2023-38180](https://ubuntu.com/security/CVE-2023-38180) and [CVE-2023-38178](https://ubuntu.com/security/CVE-2023-38178).

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/usn
source/Ubuntu
anchor-related/USN-6278-2
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/23.04