Lucene search

K

GoogleOSV:RLSA-2022:6058

HistoryAug 15, 2022 - 7:40 a.m.

Moderate: .NET 6.0 security, bug fix, and enhancement update

2022-08-1507:40:49

Google

osv.dev

11

.net framework

security vulnerability

bug fix

enhancement

cve-2022-34716

managed-software framework

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

46.8%

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.108 and .NET Runtime 6.0.8.

Security Fix(es):

dotnet: External Entity Injection during XML signature verification (CVE-2022-34716)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

bugzilla.redhat.com/show_bug.cgi?id=2115183

errata.rockylinux.org/RLSA-2022:6058

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

46.8%

Related for OSV:RLSA-2022:6058

osv9 nessus15 alpinelinux1 nvd1 almalinux3 openvas1 redhat5 ibm2 oraclelinux3 mscve1 cve1 redos1 redhatcve1 prion1 cvelist1 mskb2 veracode1 cbl_mariner1 rocky2 github1 altlinux4 kaspersky1 photon1 rapid7blog1