Описание
.NET and Visual Studio Remote Code Execution Vulnerability
A flaw was found in dotnet. When closing an HTTP/3 stream while application code is writing to the response body, a race condition can cause a use-after-free.
Отчет
.NET 8.0 (dotnet8.0) was released for RHEL 8 starting with RHEL 8.9. Therefore, this .NET version is not affected in RHEL 8.8 and previous versions. .NET 8.0 (dotnet8.0) was released for RHEL 9 starting with RHEL 9.3. Therefore, this .NET version is not affected in RHEL 9.2 and previous versions.
Меры по смягчению последствий
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | dotnet6.0 | Not affected | ||
| Red Hat Enterprise Linux 9 | dotnet6.0 | Not affected | ||
| Red Hat Enterprise Linux 9 | dotnet7.0 | Not affected | ||
| Red Hat Enterprise Linux 9 | dotnet9.0 | Not affected | ||
| Red Hat Enterprise Linux 8 | dotnet8.0 | Fixed | RHSA-2024:7868 | 09.10.2024 |
| Red Hat Enterprise Linux 9 | dotnet8.0 | Fixed | RHSA-2024:7869 | 09.10.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.1 High
CVSS3
Связанные уязвимости
.NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability
Уязвимость программной платформы Microsoft .NET и средства разработки программного обеспечения Microsoft Visual Studio, связанная с возможностью использования памяти после освобождения, позволяющая нарушителю выполнить произвольный код
EPSS
8.1 High
CVSS3