.NET Core is vulnerable to denial of service. The vulnerability exists due to a stack overflow which allows an attacker to send a customized payload that is parsed during model binding and cause an application crash.
github.com/advisories/GHSA-r8m2-4x37-6592
github.com/dotnet/announcements/issues/234
github.com/dotnet/aspnetcore/commit/b8dc1f26e3e4faf6576377e0bafb1a22ae6499f9
github.com/dotnet/aspnetcore/commit/fb8c9e7800619ad6ce75fc9591cd4b06c93e5164
github.com/dotnet/aspnetcore/issues/43953
github.com/dotnet/aspnetcore/pull/43122
github.com/dotnet/aspnetcore/pull/43123
lists.fedoraproject.org/archives/list/[email protected]/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY/
lists.fedoraproject.org/archives/list/[email protected]/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE/
lists.fedoraproject.org/archives/list/[email protected]/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y/
lists.fedoraproject.org/archives/list/[email protected]/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG/
lists.fedoraproject.org/archives/list/[email protected]/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M/
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013