RockyLinux 8 : .NET 6.0 (RLSA-2024:7851)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:7851 advisory. dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList CVE-2024-43484 dotnet: Multiple .NET components susceptible to hash flooding...

Denial Of Service (DoS)

The System.IO.Packaging library is vulnerable to Denial Of Service DoS. The vulnerability is due to the inadequate validation of untrusted inputs by the System.IO.Packaging library, allowing attackers to exploit complex operations and exhaust system resources...

Important: Red Hat Security Advisory: .NET 6.0 security update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, and Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support. Red Hat Product Security has rated this update as...

dotnet: Multiple .NET components susceptible to hash flooding

A flaw was found in dotnet. The System.Security.Cryptography.Cose, System.IO.Packaging and System.Runtime.Caching components may be exposed to hostile input, making them susceptible to hash flooding attacks, resulting in denial of service...

RHEL 9 : .NET 6.0 (RHSA-2024:8048)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8048 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

AlmaLinux 9 : .NET 6.0 (ALSA-2024:7867)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:7867 advisory. dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList CVE-2024-43484 dotnet: Denial of Service in System.Text.Json CVE-2024-43485 dotnet...

AlmaLinux 8 : .NET 6.0 (ALSA-2024:7851)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:7851 advisory. dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList CVE-2024-43484 dotnet: Multiple .NET components susceptible to hash flooding...

dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList

A flaw was found in dotnet. The System.IO.Packaging library may allow untrusted inputs to influence algorithmically complex operations, resulting in a denial of service...

GHSA-F32C-W444-8PPV Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in System.IO.Packaging. This advisory also provides guidance on what developers can do to update their...

Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in System.IO.Packaging. This advisory also provides guidance on what developers can do to update their...

Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in System.Security.Cryptography.Cose, System.IO.Packaging, Microsoft.Extensions.Caching.Memory. This...

GHSA-QJ66-M88J-HMGJ Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in System.Security.Cryptography.Cose, System.IO.Packaging, Microsoft.Extensions.Caching.Memory. This...

Ubuntu 22.04 LTS / 24.04 LTS : .NET vulnerabilities (USN-7058-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7058-1 advisory. Brennan Conroy discovered that the .NET Kestrel web server did not properly handle closing HTTP/3 streams under certain circumstances. An...