CVE-2023-36038

Опубликовано: 14 нояб. 2023

Источник: msrc

CVSS3: 8.2

EPSS Низкий

Описание

ASP.NET Core Denial of Service Vulnerability

FAQ

How could an attacker exploit this vulnerability?

This vulnerability could be exploited if http requests to .NET 8 RC 1 running on IIS InProcess hosting model are cancelled. Threads counts would increase and an OutOfMemoryException is possible.

According to the CVSS metric, successful exploitation of this vulnerability could lead to a total loss of availability (A:H). What does that mean for this vulnerability?

If an attacker was able to successfully exploit the vulnerability the attack might result in a total loss of availability.

Обновления

Продукт	Статья	Обновление
Microsoft Visual Studio 2022 version 17.2	Release Notes	Security Update
Microsoft Visual Studio 2022 version 17.4	Release Notes	Security Update
Microsoft Visual Studio 2022 version 17.6	Release Notes	Security Update
Microsoft Visual Studio 2022 version 17.7	Release Notes	Security Update
ASP.NET Core 8.0	Release Notes	Security Update
.NET 8.0	Release Notes	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Yes

Exploited

Latest Software Release

Exploitation Less Likely

EPSS

Процентиль: 91%

0.07176

Низкий

8.2 High

CVSS3

Связанные уязвимости

CVE-2023-36038

CVSS3: 8.2

ubuntu

около 2 лет назад

ASP.NET Core Denial of Service Vulnerability

CVE-2023-36038

CVSS3: 8.2

nvd

около 2 лет назад

ASP.NET Core Denial of Service Vulnerability

BDU:2023-08097

CVSS3: 8.2

fstec

около 2 лет назад

Уязвимость программной платформы ASP.NET Core, связанная с некорректной зачисткой или освобождением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 91%

0.07176

Низкий

8.2 High

CVSS3