Lucene search

K
redhatRedHatRHSA-2023:0078
HistoryJan 11, 2023 - 4:25 p.m.

(RHSA-2023:0078) Moderate: .NET 6.0 security, bug fix, and enhancement update

2023-01-1116:25:45
CWE-121
access.redhat.com
26
.net framework
security vulnerability
update
clr implementation
cve-2023-21538
cvss score
acknowledgment
unix
rh-dotnet60-dotnet

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

56.0%

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.113 and .NET Runtime 6.0.13.

The following packages have been upgraded to a later upstream version: rh-dotnet60-dotnet (6.0.113). (BZ#2154455)

Security Fix(es):

  • dotnet: Parsing an empty HTTP response as a JSON.NET JObject causes a stack overflow and crashes a process (CVE-2023-21538)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected configurations

Vulners
Node
redhatrh-dotnet60-dotnet-0Range6.0.113-1.el7_9
OR
redhatdotnet6.0Range6.0.113-1.el8_7
OR
redhatdotnet6.0Range6.0.113-1.el9_1
AND
redhatenterprise_linuxMatch8
OR
redhatenterprise_linuxMatch9
VendorProductVersionCPE
redhatrh-dotnet60-dotnet-0*cpe:2.3:a:redhat:rh-dotnet60-dotnet-0:*:*:*:*:*:*:*:*
redhatdotnet6.0*cpe:2.3:a:redhat:dotnet6.0:*:*:*:*:*:*:*:*
redhatenterprise_linux8cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
redhatenterprise_linux9cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

56.0%