Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability

🗓️ 08 Oct 2024 20:25:19Reported by GitHub Advisory DatabaseType

Microsoft .NET System.Text.Json 6.0.x & 8.0.x Denial of Service Vulnerability Advisor

Reporter	Title	Published	Views	Family All 157
Tenable Nessus	Amazon Linux 2023 : aspnetcore-runtime-6.0, aspnetcore-targeting-pack-6.0, dotnet (ALAS2023-2024-776)	11 Dec 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2024-777)	11 Dec 202400:00	–	nessus
Tenable Nessus	AlmaLinux 8 : .NET 6.0 (ALSA-2024:7851)	10 Oct 202400:00	–	nessus
Tenable Nessus	AlmaLinux 9 : .NET 6.0 (ALSA-2024:7867)	11 Oct 202400:00	–	nessus
Tenable Nessus	AlmaLinux 8 : .NET 8.0 (ALSA-2024:7868)	10 Oct 202400:00	–	nessus
Tenable Nessus	AlmaLinux 9 : .NET 8.0 (ALSA-2024:7869)	11 Oct 202400:00	–	nessus
Tenable Nessus	MiracleLinux 8 : dotnet6.0-6.0.135-1.el8_10.ML.1 (AXSA:2024-8895:16)	20 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 8 : dotnet8.0-8.0.110-1.el8_10.ML.1 (AXSA:2024-8896:17)	20 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 9 : dotnet8.0-8.0.110-1.el9_4.ML.1 (AXSA:2024-8897:18)	20 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 9 : dotnet6.0-6.0.135-1.el9_4.ML.1 (AXSA:2024-8898:17)	20 Jan 202600:00	–	nessus

Vulners

Node

system.text.jsonRange6.0.0–6.0.9nuget

system.text.jsonRange8.0.0–8.0.4nuget

Source	Link
github	www.github.com/dotnet/runtime/security/advisories/GHSA-8g4q-xg66-9fp4
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-43485
github	www.github.com/dotnet/announcements/issues/329
github	www.github.com/dotnet/runtime/issues/108678
msrc	www.msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43485
github	www.github.com/advisories/GHSA-8g4q-xg66-9fp4

24 Oct 2024 16:11Current

7.5High risk

Vulners AI Score7.5

CVSS 3.17.5

EPSS0.00738

SSVC