Lucene search

K

GoogleOSV:USN-6578-1

HistoryJan 11, 2024 - 3:44 p.m.

dotnet6, dotnet7, dotnet8 vulnerabilities

2024-01-1115:44:28

Google

osv.dev

7

.net

vulnerabilities

certificate validation

unauthenticated clients

denial of service

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.6%

Vishal Mishra and Anita Gaud discovered that .NET did not properly
validate X.509 certificates with malformed signatures. An attacker
could possibly use this issue to bypass an application’s typical
authentication logic.
(CVE-2024-0057)

Morgan Brown discovered that .NET did not properly handle requests from
unauthenticated clients. An attacker could possibly use this issue to
cause a denial of service.
(CVE-2024-21319)

References

ubuntu.com/security/CVE-2024-0057

ubuntu.com/security/CVE-2024-21319

ubuntu.com/security/notices/USN-6578-1

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.6%

Related for OSV:USN-6578-1