Vulnerability CVE-2023-38180: Information

Description

.NET and Visual Studio Denial of Service Vulnerability

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-38180
Published: Aug. 8, 2023
Modified: Aug. 20, 2023

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
dotnet-bootstrap-6.0sisyphus6.0.25-alt16.0.25-alt1ALT-PU-2024-1069-2337852Fixed
dotnet-bootstrap-6.0p106.0.25-alt16.0.25-alt1ALT-PU-2024-2763-2341218Fixed
dotnet-bootstrap-7.0sisyphus7.0.14-alt17.0.17-alt1ALT-PU-2024-1066-2337851Fixed
dotnet-bootstrap-7.0p107.0.14-alt17.0.14-alt1ALT-PU-2024-2767-2341218Fixed
dotnet-runtime-6.0sisyphus6.0.25-alt16.0.25-alt1ALT-PU-2024-1068-2337852Fixed
dotnet-runtime-6.0p106.0.25-alt16.0.25-alt1ALT-PU-2024-2761-2341218Fixed
dotnet-runtime-7.0sisyphus7.0.14-alt17.0.17-alt1ALT-PU-2024-1067-2337851Fixed
dotnet-runtime-7.0p107.0.14-alt17.0.14-alt1ALT-PU-2024-2765-2341218Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180
  • Patch
  • Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V/
    https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWVZFKTLNMNKPZ755EMRYIA6GHFOWGKY/

        1. Configuration 1

          cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*
          cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*
          cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*
          cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
          Start including
          17.2.0
          End excliding
          17.2.18
          cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
          Start including
          17.4.0
          End excliding
          17.4.10
          cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
          Start including
          17.6.0
          End excliding
          17.6.6
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.4.2
      Back to top