Lucene search

K

Veracode Vulnerability DatabaseVERACODE:46903

HistoryMay 15, 2024 - 3:58 a.m.

Denial Of Service (DoS)

2024-05-1503:58:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

16

denial of service

.net kestrel web server

vulnerability

concurrent requests

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0

Percentile

9.0%

Microsoft.AspNetCore.App.Runtime is vulnerable to Denial of Service (DoS). The vulnerability is caused by a deadlock that occurs within the .NET Kestrel web server, specifically impacting the handling of concurrent requests under certain conditions, which allows an attacker to potentially disrupt services by creating a condition that triggers the deadlock.

References

github.com/dotnet/announcements/issues/308

github.com/dotnet/aspnetcore/issues/55714

github.com/dotnet/aspnetcore/security/advisories/GHSA-hhc7-x9w4-cw47

msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0

Percentile

9.0%

Related for VERACODE:46903

osv13 cvelist1 github1 vulnrichment1 ubuntucve1 alpinelinux1 nvd1 cve1 redhatcve1 mscve1 openvas2 rocky4 nessus17 almalinux4 ubuntu1 redhat4 oraclelinux4 mskb2 kaspersky1 talosblog1 rapid7blog1