AlmaLinux 9 : .NET 9.0 (ALSA-2024:9543)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:9543 advisory. dotnet: Type confusion vulnerability leads to AV in .NET Core NrbfDecoder component CVE-2024-43498 dotnet: .NET Core - DoS - unbounded work factor in...

dotnet: Type confusion vulnerability leads to AV in .NET Core NrbfDecoder component

A type confusion vulnerability was found in .NET 9.0 Core in .NET that leads to AV in the .NET Core NrbfDecoder component...

CVE-2024-43499

A vulnerability was found in .NET. Specifically .NET 9.0 Core - DoS - unbounded work factor in NrbfDecoder component Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and...

CVE-2024-43498

A type confusion vulnerability was found in .NET 9.0 Core in .NET that leads to AV in the .NET Core NrbfDecoder component. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and...

Ubuntu: Security Advisory (USN-7105-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: .NET 9.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.100 and .NET Runtime 9.0.1.0...

ALSA-2024:9543 Important: .NET 9.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.100 and .NET Runtime 9.0.1.0...

GHSA-V7VF-F5Q6-M899 .NET Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2024-43498 | .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0. This advisory also provides guidance on what developers can do to update their applicatio...

Access of Resource Using Incompatible Type ('Type Confusion')

Overview System.Formats.Nrbf is a package that exposes only one component: NrbfDecoder: a stateless, forward-only decoder class that can decode .NET Remoting Binary Format NRBF binary data from a stream. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Typ...

.NET Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2024-43498 | .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0. This advisory also provides guidance on what developers can do to update their applicatio...

GHSA-6X36-QXMJ-RV4P .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-43499 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0. This advisory also provides guidance on what developers can do to update their applications t...

Unchecked Input for Loop Condition

Overview System.Formats.Nrbf is a package that exposes only one component: NrbfDecoder: a stateless, forward-only decoder class that can decode .NET Remoting Binary Format NRBF binary data from a stream. Affected versions of this package are vulnerable to Unchecked Input for Loop Condition via th...

.NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-43499 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0. This advisory also provides guidance on what developers can do to update their applications t...

USN-7105-1: .NET vulnerabilities

It was discovered that the NrbfDecoder component in .NET did not properly handle an instance of a type confusion vulnerability. An authenticated attacker could possibly use this issue to gain the privileges of another user and execute arbitrary code. CVE-2024-43498 It was discovered that the...

USN-7105-1 dotnet9 vulnerabilities

It was discovered that the NrbfDecoder component in .NET did not properly handle an instance of a type confusion vulnerability. An authenticated attacker could possibly use this issue to gain the privileges of another user and execute arbitrary code. CVE-2024-43498 It was discovered that the...