Vulnerability-Lookup

BDU:2024-01701

Vulnerability from fstec - Published: 13.02.2024

Title

Уязвимость программной платформы Microsoft .NET, связанная с ошибками разыменования указателей, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость программной платформы Microsoft .NET связана с ошибками разыменования указателей. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Microsoft Corp

Software Name

ASP.NET Core, Microsoft Visual Studio 2022

Software Version

6.0 (ASP.NET Core), 17.4 (Microsoft Visual Studio 2022), 17.6 (Microsoft Visual Studio 2022), 7.0 (ASP.NET Core), 8.0 (ASP.NET Core), 17.8 (Microsoft Visual Studio 2022)

Possible Mitigations

Использование рекомендаций: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386

Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386

CWE

CWE-476

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO1060, TO1061, TO1062, TO1063, TO1064, TO1065, TO1066, TO1067, TO1068, TO1069, TO1070, TO1071, TO1072, TO1073, TO1074, TO1075, TO1076, TO1078, TO1154",
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO1060 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 6.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 aspnetcore-runtime-6.0.27) (KB5035119), TO1061 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 6.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 dotnet-hosting-6.0.27) (KB5035119), TO1062 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 6.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 dotnet-runtime-6.0.27) (KB5035119), TO1063 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 6.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 dotnet-sdk-6.0.127) (KB5035119), TO1064 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 6.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 dotnet-sdk-6.0.419) (KB5035119), TO1065 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 6.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 windowsdesktop-runtime-6.0.27) (KB5035119), TO1066 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 7.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 aspnetcore-runtime-7.0.16) (KB5035120), TO1067 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 7.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 dotnet-hosting-7.0.16) (KB5035120), TO1068 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 7.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 dotnet-runtime-7.0.16) (KB5035120), TO1069 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 7.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 dotnet-sdk-7.0.116) (KB5035120), TO1070 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 7.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 dotnet-sdk-7.0.313) (KB5035120), TO1071 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 7.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 dotnet-sdk-7.0.406) (KB5035120), TO1072 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 7.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 windowsdesktop-runtime-7.0.16) (KB5035120), TO1073 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 8.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 aspnetcore-runtime-8.0.2) (KB5035121), TO1074 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 8.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 dotnet-hosting-8.0.2) (KB5035121), TO1075 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 8.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 dotnet-runtime-8.0.2) (KB5035121), TO1076 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 8.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 dotnet-sdk-8.0.102) (KB5035121), TO1078 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 8.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 windowsdesktop-runtime-8.0.2) (KB5035121), TO1154 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 8.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 dotnet-sdk-8.0.200)",
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6.0 (ASP.NET Core), 17.4 (Microsoft Visual Studio 2022), 17.6 (Microsoft Visual Studio 2022), 7.0 (ASP.NET Core), 8.0 (ASP.NET Core), 17.8 (Microsoft Visual Studio 2022)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439: \nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.02.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "15.05.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.03.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-01701",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-21386",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "ASP.NET Core, Microsoft Visual Studio 2022",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Microsoft .NET, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0435\u0439, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Microsoft .NET \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0435\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CVE-2024-21386 (GCVE-0-2024-21386)

Vulnerability from cvelistv5 – Published: 2024-02-13 18:02 – Updated: 2025-05-03 01:37

Title

.NET Denial of Service Vulnerability

Summary

.NET Denial of Service Vulnerability

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

microsoft

References

URL

Tags

https://msrc.microsoft.com/update-guide/vulnerabi…

vendor-advisory

Impacted products

Vendor

Product

Version

Microsoft

ASP.NET Core 6.0

Affected: 6.0 , < 6.0.27 (custom)

Microsoft	ASP.NET Core 7.0	Affected: 7.0.0 , < 7.0.16 (custom)
Microsoft	ASP.NET Core 8.0	Affected: 8.0 , < 8.0.2 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.4	Affected: 17.4.0 , < 17.4.16 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.6	Affected: 17.6.0 , < 17.6.12 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.8	Affected: 17.8.0 , < 17.8.7 (custom)

Date Public ?

2024-02-13 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21386",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-21T20:15:43.069264Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:00.305Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:20:40.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": ".NET Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "ASP.NET Core 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.27",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "ASP.NET Core 7.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.0.16",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "ASP.NET Core 8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.0.2",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.16",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.12",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.7",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.27",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.16",
                  "versionStartIncluding": "7.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.0.2",
                  "versionStartIncluding": "8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.4.16",
                  "versionStartIncluding": "17.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.6.12",
                  "versionStartIncluding": "17.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.8.7",
                  "versionStartIncluding": "17.8.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-02-13T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET Denial of Service Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T01:37:46.060Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386"
        }
      ],
      "title": ".NET Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-21386",
    "datePublished": "2024-02-13T18:02:20.218Z",
    "dateReserved": "2023-12-08T22:45:20.453Z",
    "dateUpdated": "2025-05-03T01:37:46.060Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-01701

CVE-2024-21386 (GCVE-0-2024-21386)

Tags

Sightings

Nomenclature