Vulnerability CVE-2023-28260: Information

Description

.NET DLL Hijacking Remote Code Execution Vulnerability

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-28260
Published: April 12, 2023
Modified: April 18, 2023

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
dotnet-bootstrap-6.0sisyphus6.0.20-alt16.0.25-alt1ALT-PU-2023-4590-2325725Fixed
dotnet-bootstrap-6.0p106.0.20-alt16.0.25-alt1ALT-PU-2023-4594-3325731Fixed
dotnet-bootstrap-7.0sisyphus7.0.9-alt17.0.17-alt1ALT-PU-2023-4592-2325727Fixed
dotnet-bootstrap-7.0p107.0.9-alt17.0.14-alt1ALT-PU-2023-4610-3325842Fixed
dotnet-runtime-6.0sisyphus6.0.20-alt16.0.25-alt1ALT-PU-2023-4591-2325725Fixed
dotnet-runtime-6.0p106.0.20-alt16.0.25-alt1ALT-PU-2023-4595-3325731Fixed
dotnet-runtime-7.0sisyphus7.0.9-alt17.0.17-alt1ALT-PU-2023-4593-2325727Fixed
dotnet-runtime-7.0p107.0.9-alt17.0.14-alt1ALT-PU-2023-4611-3325842Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28260
  • Patch
  • Vendor Advisory

    1. Configuration 1

      cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
      Start including
      7.0.0
      End excliding
      7.0.5
      cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
      Start including
      17.5
      End excliding
      17.5.4
      cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
      Start including
      17.4
      End excliding
      17.4.7
      cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
      Start including
      17.2
      End excliding
      17.2.15
      cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
      Start including
      17.0
      End excliding
      17.0.21
      cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
      Start including
      6.0.0
      End excliding
      6.0.16
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.1
Back to top