Lucene search
UbuntuUSN-6578-1HistoryJan 11, 2024 - 12:00 a.m.
.NET vulnerabilities
2024-01-1100:00:00
ubuntu.com
33
.net
ubuntu
dotnet
x.509 certificate
authentication
denial of service
cve-2024-0057
cve-2024-21319
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
40.0%
Releases
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
Packages
- dotnet6 - dotNET CLI tools and runtime
- dotnet7 - dotNET CLI tools and runtime
- dotnet8 - dotNET CLI tools and runtime
Details
Vishal Mishra and Anita Gaud discovered that .NET did not properly
validate X.509 certificates with malformed signatures. An attacker
could possibly use this issue to bypass an applicationâs typical
authentication logic.
(CVE-2024-0057)
Morgan Brown discovered that .NET did not properly handle requests from
unauthenticated clients. An attacker could possibly use this issue to
cause a denial of service.
(CVE-2024-21319)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 23.10 | noarch | aspnetcore-runtime-6.0 | <Â 6.0.126-0ubuntu1~23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | aspnetcore-targeting-pack-6.0 | <Â 6.0.126-0ubuntu1~23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | dotnet-apphost-pack-6.0 | <Â 6.0.126-0ubuntu1~23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | dotnet-apphost-pack-6.0-dbgsym | <Â 6.0.126-0ubuntu1~23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | dotnet-host | <Â 6.0.126-0ubuntu1~23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | dotnet-host-dbgsym | <Â 6.0.126-0ubuntu1~23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | dotnet-hostfxr-6.0 | <Â 6.0.126-0ubuntu1~23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | dotnet-hostfxr-6.0-dbgsym | <Â 6.0.126-0ubuntu1~23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | dotnet-runtime-6.0 | <Â 6.0.126-0ubuntu1~23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | dotnet-runtime-6.0-dbgsym | <Â 6.0.126-0ubuntu1~23.10.1 | UNKNOWN |
Related
openvas
openvas
Ubuntu: Security Advisory (USN-6578-1)
2024-01-12 00:00:00
.NET Core Multiple Vulnerabilities (KB5033741)
2024-01-11 00:00:00
.NET Core Multiple Vulnerabilities (KB5033733)
2024-01-11 00:00:00
nessus
nessus
Ubuntu 22.04 LTS / 23.04 / 23.10 : .NET vulnerabilities (USN-6578-1)
2024-01-11 00:00:00
CentOS 8 : .NET 8.0 (CESA-2024:0150)
2024-01-30 00:00:00
RHEL 9 : .NET 8.0 (RHSA-2024:0152)
2024-01-10 00:00:00
osv
osv
dotnet6, dotnet7, dotnet8 vulnerabilities
2024-01-11 15:44:28
Important: .NET 7.0 security update
2024-01-12 19:57:42
Important: .NET 8.0 security update
2024-01-10 00:00:00
oraclelinux
oraclelinux
.NET 7.0 security update
2024-01-17 00:00:00
.NET 6.0 security update
2024-01-12 00:00:00
.NET 8.0 security update
2024-02-20 00:00:00
almalinux
almalinux
Important: .NET 6.0 security update
2024-01-10 00:00:00
Important: .NET 8.0 security update
2024-01-10 00:00:00
Important: .NET 7.0 security update
2024-01-10 00:00:00
redhat
redhat
(RHSA-2024:0150) Important: .NET 8.0 security update
2024-01-10 15:15:53
(RHSA-2024:0152) Important: .NET 8.0 security update
2024-01-10 15:18:52
rocky
rocky
.NET 6.0 security update
2024-01-12 19:57:42
.NET 8.0 security update
2024-01-12 19:57:42
.NET 7.0 security update
2024-01-12 19:57:42
mskb
mskb
.NET 8.0 Update - January 09, 2024 (KB5033741)
2024-01-09 08:00:00
.NET 7.0 Update - January 09, 2024 (KB5033734)
2024-01-09 08:00:00
.NET 6.0 Update - January 09, 2024 (KB5033733)
2024-01-09 08:00:00
cve
cve
prion
prion
Denial of service
2024-01-09 19:15:00
Security feature bypass
2024-01-09 18:15:00
ibm
ibm
github
github
Microsoft ASP.NET Core project templates vulnerable to denial of service
2024-01-09 19:35:02
NuGet Client Security Feature Bypass Vulnerability
2024-02-13 21:18:10
JWX vulnerable to a denial of service attack using compressed JWE message
2024-03-08 15:06:53
veracode
veracode
Denial Of Service (DoS)
2024-01-10 10:01:02
Protection Mechanism Failure
2024-01-30 18:59:03
nvd
nvd
alpinelinux
alpinelinux
CVE-2024-21319
2024-01-09 19:15:12
CVE-2024-0057
2024-01-09 18:15:46
mscve
mscve
Microsoft Identity Denial of service vulnerability
2024-01-09 08:00:00
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
2024-01-09 08:00:00
ubuntucve
ubuntucve
redhatcve
redhatcve
cvelist
cvelist
CVE-2024-21319 Microsoft Identity Denial of service vulnerability
2024-01-09 18:59:01
CVE-2024-0057 NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
2024-01-09 17:56:59
CVE-2024-33664
2024-04-25 00:00:00
redos
redos
ROS-20240418-02
2024-04-18 00:00:00
cgr
cgr
CVE-2024-0057 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2024-0057 vulnerabilities
2024-09-30 03:53:08
kaspersky
kaspersky
KLA62822 Multiple vulnerabilities in Microsoft Developer Tools
2024-01-09 00:00:00
KLA62826 Multiple vulnerabilities in Microsoft Azure
2024-01-09 00:00:00
vulnrichment
vulnrichment
CVE-2024-33664
2024-04-25 00:00:00
debiancve
debiancve
CVE-2024-33664
2024-04-26 00:15:09
photon
photon
Critical Photon OS Security Update - PHSA-2024-3.0-0717
2024-01-25 00:00:00
Critical Photon OS Security Update - PHSA-2024-5.0-0195
2024-01-25 00:00:00
Critical Photon OS Security Update - PHSA-2024-4.0-0556
2024-01-25 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - January 2024
2024-01-09 21:23:10
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
40.0%
Related for USN-6578-1