CVE-2024-38095

2024-07-0900:00:00

ubuntu.com

cve-2024-38095

denial of service

parsing

x.509

content

objectidentifiers

.net 7

end of life

upstream

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

27.4%

JSON

.NET and Visual Studio Denial of Service Vulnerability

Notes

Author	Note
iconstantin	.NET 7 is end of life upstream.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchdotnet6< 6.0.132-0ubuntu1~22.04.1UNKNOWN
ubuntu23.10noarchdotnet6< 6.0.132-0ubuntu1~23.10.1UNKNOWN
ubuntu22.04noarchdotnet8< 8.0.107-8.0.7-0ubuntu1~22.04.1UNKNOWN
ubuntu23.10noarchdotnet8< 8.0.107-8.0.7-0ubuntu1~23.10.1UNKNOWN
ubuntu24.04noarchdotnet8< 8.0.107-8.0.7-0ubuntu1~24.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	dotnet6	< 6.0.132-0ubuntu1~22.04.1	UNKNOWN
ubuntu	23.10	noarch	dotnet6	< 6.0.132-0ubuntu1~23.10.1	UNKNOWN
ubuntu	22.04	noarch	dotnet8	< 8.0.107-8.0.7-0ubuntu1~22.04.1	UNKNOWN
ubuntu	23.10	noarch	dotnet8	< 8.0.107-8.0.7-0ubuntu1~23.10.1	UNKNOWN
ubuntu	24.04	noarch	dotnet8	< 8.0.107-8.0.7-0ubuntu1~24.04.1	UNKNOWN