Lucene search

K

GoogleOSV:RLSA-2024:2842

HistoryJun 14, 2024 - 2:00 p.m.

Important: .NET 8.0 security update

2024-06-1414:00:35

Google

osv.dev

11

.net framework

security update

stack buffer overrun

denial of service

asp.net core

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

17.0%

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5.

Security Fix(es):

dotnet: stack buffer overrun in Double Parse (CVE-2024-30045)
dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

bugzilla.redhat.com/show_bug.cgi?id=2279695

bugzilla.redhat.com/show_bug.cgi?id=2279697

errata.rockylinux.org/RLSA-2024:2842

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

17.0%

Related for OSV:RLSA-2024:2842

osv16 openvas2 rocky4 nessus19 almalinux4 ubuntu1 redhat4 oraclelinux4 mskb2 kaspersky1 mscve2 cve2 veracode2 cvelist2 redhatcve2 redos1 github2 vulnrichment2 ubuntucve2 alpinelinux2 nvd2 ics1 talosblog1 rapid7blog1