Lucene search

K

GoogleOSV:ALSA-2024:4438

HistoryJul 09, 2024 - 12:00 a.m.

Moderate: dotnet6.0 security update

2024-07-0900:00:00

Google

osv.dev

3

.net

6.0

security

update

x.509

parsing

vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.132 and Runtime 6.0.32.

Security Fix(es):

dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

access.redhat.com/errata/RHSA-2024:4438

access.redhat.com/security/cve/CVE-2024-38095

bugzilla.redhat.com/2295323

errata.almalinux.org/8/ALSA-2024-4438.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Related for OSV:ALSA-2024:4438

nessus20 redhatcve1 osv10 nvd1 mscve1 vulnrichment1 redhat5 almalinux4 oraclelinux4 github1 cvelist1 wolfi1 ubuntucve1 veracode1 cve1 alpinelinux1 rocky2 redos1 mskb1 openvas2 ubuntu1 kaspersky1 rapid7blog1