Lucene search
HistoryMay 10, 2022 - 9:15 p.m.
CVE-2022-29117
.net
visual studio
denial of service
vulnerability
cve-2022-29117
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.3 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.0%
.NET and Visual Studio Denial of Service Vulnerability
Affected configurations
Node
microsoft.net_6.0Range6.0.0–6.0.5
ORmicrosoft.net_core_3.1Range3.1–3.1.25
ORmicrosoft.net_5.0Range5.0.0–5.0.17
ORmicrosoftmicrosoft_visual_studio_2022_17.0Range17.0.0–17.0.10
ORmicrosoftmicrosoft_visual_studio_2019_16.9 (includes 16.0 - 16.8)Range15.0.0–16.9.21
ORmicrosoftmicrosoft_visual_studio_2022_17.1Range17.0.0–17.1.7
ORmicrosoftmicrosoft_visual_studio_2019_16.11 (includes 16.0 - 16.10)Range16.11.0–16.11.14
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | .net_6.0 | * | cpe:2.3:a:microsoft:.net_6.0:*:*:*:*:*:*:*:* |
| microsoft | .net_core_3.1 | * | cpe:2.3:a:microsoft:.net_core_3.1:*:*:*:*:*:*:*:* |
| microsoft | .net_5.0 | * | cpe:2.3:a:microsoft:.net_5.0:*:*:*:*:*:*:*:* |
| microsoft | microsoft_visual_studio_2022_17.0 | * | cpe:2.3:a:microsoft:microsoft_visual_studio_2022_17.0:*:*:*:*:*:*:*:* |
| microsoft | microsoft_visual_studio_2019_16.9 (includes 16.0 - 16.8) | * | cpe:2.3:a:microsoft:microsoft_visual_studio_2019_16.9 (includes 16.0 - 16.8):*:*:*:*:*:*:*:* |
| microsoft | microsoft_visual_studio_2022_17.1 | * | cpe:2.3:a:microsoft:microsoft_visual_studio_2022_17.1:*:*:*:*:*:*:*:* |
| microsoft | microsoft_visual_studio_2019_16.11 (includes 16.0 - 16.10) | * | cpe:2.3:a:microsoft:microsoft_visual_studio_2019_16.11 (includes 16.0 - 16.10):*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Microsoft",
"product": ".NET 6.0",
"cpes": [
"cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "6.0.0",
"lessThan": "6.0.5",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": ".NET Core 3.1",
"cpes": [
"cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "3.1",
"lessThan": "3.1.25",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": ".NET 5.0",
"cpes": [
"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "5.0.0",
"lessThan": "5.0.17",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Visual Studio 2022 version 17.0",
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "17.0.0",
"lessThan": "17.0.10",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "15.0.0",
"lessThan": "16.9.21",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Visual Studio 2022 version 17.1",
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "17.0.0",
"lessThan": "17.1.7",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "16.11.0",
"lessThan": "16.11.14",
"versionType": "custom",
"status": "affected"
}
]
}
]References
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117
Social References
More
Related
veracode
veracode
Denial Of Service (DoS)
2022-06-02 20:55:36
nvd
nvd
CVE-2022-29117
2022-05-10 21:15:11
redhatcve
redhatcve
CVE-2022-29117
2022-05-10 17:27:51
github
github
.NET Denial of Service Vulnerability
2022-08-30 19:32:29
osv
osv
CVE-2022-29117
2022-05-10 21:15:11
.NET Denial of Service Vulnerability
2022-08-30 19:32:29
BIT-dotnet-sdk-2022-29117
2024-03-06 10:58:18
cvelist
cvelist
CVE-2022-29117 .NET and Visual Studio Denial of Service Vulnerability
2022-05-10 20:34:23
mscve
mscve
.NET and Visual Studio Denial of Service Vulnerability
2022-05-10 08:00:00
prion
prion
Denial of service
2022-05-10 21:15:00
ibm
ibm
Security Bulletin: IBM Robotic Process Automation may be vulnerable to denial of service due to microsoft.owin.security.cookies (CVE-2022-29117)
2022-10-06 04:10:57
redhat
redhat
nessus
nessus
RHEL 7 : .NET Core 3.1 on RHEL 7 (RHSA-2022:2194)
2022-05-13 00:00:00
Oracle Linux 8 : .NET / Core / 3.1 (ELSA-2022-2202)
2022-05-19 00:00:00
RHEL 8 : .NET 6.0 (RHSA-2022:2199)
2022-05-12 00:00:00
oraclelinux
oraclelinux
.NET 6.0 security, bug fix, and enhancement update
2022-05-19 00:00:00
.NET 6.0 security, bug fix, and enhancement update
2022-06-30 00:00:00
.NET 5.0 security, bug fix, and enhancement update
2022-05-19 00:00:00
almalinux
almalinux
Important: .NET Core 3.1 security, bug fix, and enhancement update
2022-05-11 13:24:22
Important: .NET 6.0 security, bug fix, and enhancement update
2022-05-11 13:20:34
Important: .NET 5.0 security, bug fix, and enhancement update
2022-05-11 13:22:02
openvas
openvas
.NET Core Multiple Denial of Service Vulnerabilities (KB5014326)
2022-05-11 00:00:00
Fedora: Security Advisory for dotnet6.0 (FEDORA-2022-d69fee9f38)
2022-05-22 00:00:00
Fedora: Security Advisory for dotnet6.0 (FEDORA-2022-256d559f0c)
2022-05-22 00:00:00
mskb
mskb
.NET 5.0 Update: May 10, 2022 (KB5014329)
2022-05-10 08:00:00
.NET Core 3.1 Update: May 10, 2022 (KB5014326)
2022-05-10 08:00:00
.NET 6.0 Update: May 10, 2022 (KB5014330)
2022-05-10 08:00:00
rocky
rocky
.NET Core 3.1 security, bug fix, and enhancement update
2022-05-11 13:24:22
.NET 6.0 security, bug fix, and enhancement update
2022-05-11 13:20:34
.NET 5.0 security, bug fix, and enhancement update
2022-05-11 13:22:02
altlinux
altlinux
fedora
fedora
[SECURITY] Fedora 34 Update: dotnet6.0-6.0.105-1.fc34
2022-05-21 01:06:20
[SECURITY] Fedora 35 Update: dotnet6.0-6.0.105-1.fc35
2022-05-21 01:32:22
[SECURITY] Fedora 36 Update: dotnet6.0-6.0.105-1.fc36
2022-05-21 01:32:15
kaspersky
kaspersky
KLA12535 Multiple vulnerabilities in Microsoft Developer Tools
2022-05-10 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - May 2022
2022-05-10 19:59:20
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.3 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.0%
Related for CVE-2022-29117