github - ghsa-32q7-gv7f-4cg5

ghsa-32q7-gv7f-4cg5

Vulnerability from github

Published

2024-02-13 18:38

Modified

2024-04-15 19:42

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Duplicate Advisory: Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability

Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-g74q-5xw3-j7q9. This link is maintained to preserve external references.

Original Description

.NET Denial of Service Vulnerability

Show details on source website

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.0.26"
      },
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-arm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-13T19:49:31Z",
    "nvd_published_at": "2024-02-13T18:15:56Z",
    "severity": "HIGH"
  },
  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-g74q-5xw3-j7q9. This link is maintained to preserve external references.\n\n## Original Description\n.NET Denial of Service Vulnerability",
  "id": "GHSA-32q7-gv7f-4cg5",
  "modified": "2024-04-15T19:42:12Z",
  "published": "2024-02-13T18:38:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21386"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability",
  "withdrawn": "2024-02-13T19:49:31Z"
}

cve-2024-21386

Vulnerability from cvelistv5

Published

2024-02-13 18:02

Modified

2024-10-09 01:49

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

Summary

.NET Denial of Service Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	ASP.NET Core 6.0
	Microsoft	ASP.NET Core 7.0
	Microsoft	ASP.NET Core 8.0
	Microsoft	Microsoft Visual Studio 2022 version 17.4
	Microsoft	Microsoft Visual Studio 2022 version 17.6
	Microsoft	Microsoft Visual Studio 2022 version 17.8

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21386",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-21T20:15:43.069264Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:00.305Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:20:40.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": ".NET Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:asp.net_core:6.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "ASP.NET Core 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.27",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:asp.net_core:7.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "ASP.NET Core 7.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.0.16",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:asp.net_core:8.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "ASP.NET Core 8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.0.2",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.16",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.12",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.7",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-02-13T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET Denial of Service Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:49:43.476Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386"
        }
      ],
      "title": ".NET Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-21386",
    "datePublished": "2024-02-13T18:02:20.218Z",
    "dateReserved": "2023-12-08T22:45:20.453Z",
    "dateUpdated": "2024-10-09T01:49:43.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.