Vulnerability CVE-2024-21404: Information

Description

.NET Denial of Service Vulnerability

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-21404
Published: Feb. 13, 2024
Modified: April 11, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
dotnet-bootstrap-7.0sisyphus7.0.17-alt17.0.17-alt1ALT-PU-2024-5998-2344471Fixed
dotnet-bootstrap-8.0sisyphus8.0.2-alt18.0.3-alt1ALT-PU-2024-2556-1341007In work
dotnet-bootstrap-8.0p108.0.2-alt18.0.2-alt1ALT-PU-2024-2556-1341007In work
dotnet-runtime-7.0sisyphus7.0.17-alt17.0.17-alt1ALT-PU-2024-6034-2344471Fixed
dotnet-runtime-8.0sisyphus8.0.2-alt18.0.3-alt1ALT-PU-2024-2554-2341007In work
dotnet-runtime-8.0p108.0.2-alt18.0.2-alt1ALT-PU-2024-2554-2341007In work
dotnet-sdk-8.0sisyphus8.0.102-alt18.0.103-alt1ALT-PU-2024-2557-2341007In work
dotnet-sdk-8.0p108.0.102-alt18.0.102-alt2ALT-PU-2024-2557-2341007In work

References to Advisories, Solutions, and Tools

Hyperlink
Resource
.NET Denial of Service Vulnerability
  • Patch
  • Vendor Advisory

    1. Configuration 1

      cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*
      Start including
      8.0.0
      End excliding
      8.0.2
      cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*
      Start including
      7.0.0
      End excliding
      7.0.16
      cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*
      Start including
      6.0.0
      End excliding
      6.0.27
      cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
      Start including
      17.6.0
      End excliding
      17.6.12
      cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
      Start including
      17.4.0
      End excliding
      17.4.16
      cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
      Start including
      17.8.0
      End excliding
      17.8.7
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.1
Back to top