CVE-2023-21722

Опубликовано: 14 фев. 2023

Источник: msrc

CVSS3: 5

EPSS Низкий

Описание

.NET Framework Denial of Service Vulnerability

FAQ

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is Denial of Service?

The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website. This could lead to a local attack on the victim's computer which could cause a denial of service.

Обновления

Продукт	Статья	Обновление
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1	5022731 5022783	Monthly Rollup Security Only
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	5022731 5022783	Monthly Rollup Security Only
Microsoft .NET Framework 4.8 on Windows Server 2012	5022732 5022784	Monthly Rollup Security Only
Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)	5022732 5022784	Monthly Rollup Security Only
Microsoft .NET Framework 4.8 on Windows Server 2012 R2	5022733 5022785	Monthly Rollup Security Only
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)	5022733 5022785	Monthly Rollup Security Only
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems	5022782	Security Update
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems	5022782	Security Update
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019	5022782	Security Update
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)	5022782	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 56%

0.00342

Низкий

5 Medium

CVSS3

Связанные уязвимости

CVE-2023-21722

CVSS3: 5

ubuntu

почти 3 года назад

.NET Framework Denial of Service Vulnerability

CVE-2023-21722

CVSS3: 5

nvd

почти 3 года назад

.NET Framework Denial of Service Vulnerability

GHSA-xp67-pj6p-rpvg

CVSS3: 4.4

github

почти 3 года назад

.NET Framework Denial of Service Vulnerability

BDU:2023-00859

CVSS3: 4.4

fstec

почти 3 года назад

Уязвимость программной платформы Microsoft .NET Framework, связанная c некорректной зачисткой или освобождением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 56%

0.00342

Низкий

5 Medium

CVSS3