USN-7210-1: .NET vulnerabilities
First published: Thu Jan 16 2025(Updated: )
It was discovered that .NET did not properly handle input provided to its Convert.TryToHexString method. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-21171) It was discovered that .NET did not properly handle an integer overflow when processing certain specially crafted files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-21172) Daniel Plaisted and Noah Gilson discovered that .NET insecurely handled temporary file usage which could result in malicious package dependency injection. An attacker could possibly use this issue to elevate privileges. (CVE-2025-21173) It was discovered that .NET did not properly perform input data validation when processing certain specially crafted files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-21176)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/aspnetcore-runtime-8.0 | <8.0.12-0ubuntu1~24.10.1 | 8.0.12-0ubuntu1~24.10.1 |
| Ubuntu Ubuntu | =24.10 | |
| All of | ||
| ubuntu/aspnetcore-runtime-9.0 | <9.0.1-0ubuntu1~24.10.1 | 9.0.1-0ubuntu1~24.10.1 |
| Ubuntu Ubuntu | =24.10 | |
| All of | ||
| ubuntu/dotnet-host-8.0 | <8.0.12-0ubuntu1~24.10.1 | 8.0.12-0ubuntu1~24.10.1 |
| Ubuntu Ubuntu | =24.10 | |
| All of | ||
| ubuntu/dotnet-host-9.0 | <9.0.1-0ubuntu1~24.10.1 | 9.0.1-0ubuntu1~24.10.1 |
| Ubuntu Ubuntu | =24.10 | |
| All of | ||
| ubuntu/dotnet-hostfxr-8.0 | <8.0.12-0ubuntu1~24.10.1 | 8.0.12-0ubuntu1~24.10.1 |
| Ubuntu Ubuntu | =24.10 | |
| All of | ||
| ubuntu/dotnet-hostfxr-9.0 | <9.0.1-0ubuntu1~24.10.1 | 9.0.1-0ubuntu1~24.10.1 |
| Ubuntu Ubuntu | =24.10 | |
| All of | ||
| ubuntu/dotnet-runtime-8.0 | <8.0.12-0ubuntu1~24.10.1 | 8.0.12-0ubuntu1~24.10.1 |
| Ubuntu Ubuntu | =24.10 | |
| All of | ||
| ubuntu/dotnet-runtime-9.0 | <9.0.1-0ubuntu1~24.10.1 | 9.0.1-0ubuntu1~24.10.1 |
| Ubuntu Ubuntu | =24.10 | |
| All of | ||
| ubuntu/dotnet-sdk-8.0 | <8.0.112-0ubuntu1~24.10.1 | 8.0.112-0ubuntu1~24.10.1 |
| Ubuntu Ubuntu | =24.10 | |
| All of | ||
| ubuntu/dotnet-sdk-9.0 | <9.0.102-0ubuntu1~24.10.1 | 9.0.102-0ubuntu1~24.10.1 |
| Ubuntu Ubuntu | =24.10 | |
| All of | ||
| ubuntu/dotnet8 | <8.0.112-8.0.12-0ubuntu1~24.10.1 | 8.0.112-8.0.12-0ubuntu1~24.10.1 |
| Ubuntu Ubuntu | =24.10 | |
| All of | ||
| ubuntu/dotnet9 | <9.0.102-9.0.1-0ubuntu1~24.10.1 | 9.0.102-9.0.1-0ubuntu1~24.10.1 |
| Ubuntu Ubuntu | =24.10 | |
| All of | ||
| ubuntu/aspnetcore-runtime-8.0 | <8.0.12-0ubuntu1~24.04.1 | 8.0.12-0ubuntu1~24.04.1 |
| Ubuntu Ubuntu | =24.04 | |
| All of | ||
| ubuntu/dotnet-host-8.0 | <8.0.12-0ubuntu1~24.04.1 | 8.0.12-0ubuntu1~24.04.1 |
| Ubuntu Ubuntu | =24.04 | |
| All of | ||
| ubuntu/dotnet-hostfxr-8.0 | <8.0.12-0ubuntu1~24.04.1 | 8.0.12-0ubuntu1~24.04.1 |
| Ubuntu Ubuntu | =24.04 | |
| All of | ||
| ubuntu/dotnet-runtime-8.0 | <8.0.12-0ubuntu1~24.04.1 | 8.0.12-0ubuntu1~24.04.1 |
| Ubuntu Ubuntu | =24.04 | |
| All of | ||
| ubuntu/dotnet-sdk-8.0 | <8.0.112-0ubuntu1~24.04.1 | 8.0.112-0ubuntu1~24.04.1 |
| Ubuntu Ubuntu | =24.04 | |
| All of | ||
| ubuntu/dotnet8 | <8.0.112-8.0.12-0ubuntu1~24.04.1 | 8.0.112-8.0.12-0ubuntu1~24.04.1 |
| Ubuntu Ubuntu | =24.04 | |
| All of | ||
| ubuntu/aspnetcore-runtime-8.0 | <8.0.12-0ubuntu1~22.04.1 | 8.0.12-0ubuntu1~22.04.1 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/dotnet-host-8.0 | <8.0.12-0ubuntu1~22.04.1 | 8.0.12-0ubuntu1~22.04.1 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/dotnet-hostfxr-8.0 | <8.0.12-0ubuntu1~22.04.1 | 8.0.12-0ubuntu1~22.04.1 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/dotnet-runtime-8.0 | <8.0.12-0ubuntu1~22.04.1 | 8.0.12-0ubuntu1~22.04.1 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/dotnet-sdk-8.0 | <8.0.112-0ubuntu1~22.04.1 | 8.0.112-0ubuntu1~22.04.1 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/dotnet8 | <8.0.112-8.0.12-0ubuntu1~22.04.1 | 8.0.112-8.0.12-0ubuntu1~22.04.1 |
| Ubuntu Ubuntu | =22.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2025-21176
- https://ubuntu.com/security/CVE-2025-21171
- https://ubuntu.com/security/CVE-2025-21173
- https://ubuntu.com/security/CVE-2025-21172
- https://launchpad.net/ubuntu/+source/dotnet8/8.0.112-8.0.12-0ubuntu1~24.10.1
- https://launchpad.net/ubuntu/+source/dotnet9/9.0.102-9.0.1-0ubuntu1~24.10.1
- https://launchpad.net/ubuntu/+source/dotnet8/8.0.112-8.0.12-0ubuntu1~24.04.1
- https://launchpad.net/ubuntu/+source/dotnet8/8.0.112-8.0.12-0ubuntu1~22.04.1
- https://ubuntu.com/security/notices/USN-7210-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/title
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/softwarecombine
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- agent/source
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/24.10
- version/ubuntu ubuntu/24.04
- version/ubuntu ubuntu/22.04