Lucene search

K
osvGoogleOSV:ALSA-2024:2843
HistoryMay 15, 2024 - 12:00 a.m.

Important: .NET 7.0 security update

2024-05-1500:00:00
Google
osv.dev
13
.net framework
managed software
security update
stack buffer overrun
asp.net core
denial of service
cve page
clr implementation

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

17.0%

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19.

Security Fix(es):

  • dotnet: stack buffer overrun in Double Parse (CVE-2024-30045)
  • dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

17.0%