Vulnerability CVE-2022-23267: Information

Description

.NET and Visual Studio Denial of Service Vulnerability

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-23267

Published: May 11, 2022

Modified: Dec. 21, 2023

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
dotnet-bootstrap-3.1	p10	3.1.26-alt1	3.1.32-alt1	ALT-PU-2023-1307-1	315307	Fixed
dotnet-bootstrap-3.1	c10f1	3.1.26-alt1	3.1.32-alt1	ALT-PU-2023-1307-1	315307	Fixed
dotnet-bootstrap-5.0	p10	5.0.17-alt1	5.0.17-alt1	ALT-PU-2023-1464-1	316692	Fixed
dotnet-bootstrap-5.0	c10f1	5.0.17-alt1	5.0.17-alt1	ALT-PU-2023-1464-1	316692	Fixed
dotnet-bootstrap-6.0	sisyphus	6.0.7-alt1	6.0.25-alt1	ALT-PU-2022-2837-1	304807	Fixed
dotnet-bootstrap-6.0	p10	6.0.12-alt1	6.0.25-alt1	ALT-PU-2023-1305-1	315307	Fixed
dotnet-bootstrap-6.0	c10f1	6.0.12-alt1	6.0.12-alt1	ALT-PU-2023-1305-1	315307	Fixed
dotnet-bootstrap-6.0	p11	6.0.7-alt1	6.0.25-alt1	ALT-PU-2022-2837-1	304807	Fixed
dotnet-coreclr-3.1	p10	3.1.26-alt1	3.1.32-alt1	ALT-PU-2023-1308-1	315307	Fixed
dotnet-coreclr-3.1	c10f1	3.1.26-alt1	3.1.32-alt1	ALT-PU-2023-1308-1	315307	Fixed
dotnet-runtime-5.0	p10	5.0.17-alt1	5.0.17-alt1	ALT-PU-2023-1465-1	316692	Fixed
dotnet-runtime-5.0	c10f1	5.0.17-alt1	5.0.17-alt1	ALT-PU-2023-1465-1	316692	Fixed
dotnet-runtime-6.0	sisyphus	6.0.7-alt1	6.0.25-alt1	ALT-PU-2022-2838-1	304807	Fixed
dotnet-runtime-6.0	p10	6.0.12-alt2	6.0.25-alt1	ALT-PU-2023-1306-1	315307	Fixed
dotnet-runtime-6.0	c10f1	6.0.12-alt2	6.0.12-alt2	ALT-PU-2023-1306-1	315307	Fixed
dotnet-runtime-6.0	p11	6.0.7-alt1	6.0.25-alt1	ALT-PU-2022-2838-1	304807	Fixed
powershell	sisyphus	7.2.5-alt1	7.4.1-alt1	ALT-PU-2022-2263-1	303853	Fixed
powershell	p10	7.3.6-alt1	7.3.6-alt1	ALT-PU-2023-4713-2	325842	Fixed
powershell	p11	7.2.5-alt1	7.4.1-alt1	ALT-PU-2022-2263-1	303853	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267	Patch Vendor Advisory
FEDORA-2022-d69fee9f38
FEDORA-2022-9a1d5ea33c
FEDORA-2022-256d559f0c

Affected configurations:
1. Configuration 1
  cpe:2.3:a:microsoft:.net:5.0:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_core:3.1:-:*:*:*:*:*:*
  cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*
  cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
  Start including
  16.10
  End excliding
  16.11.14
  cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
  Start including
  16.0
  End excliding
  16.9.21
  cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*
  Start including
  7.0
  End excliding
  7.0.11
  cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*
  Start including
  7.2
  End excliding
  7.2.4
  
  Configuration 2
  cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla

Version: v24.5.3