Описание
.NET and Visual Studio Remote Code Execution Vulnerability
A type confusion vulnerability was found in .NET 9.0 Core in .NET that leads to AV in the .NET Core NrbfDecoder component.
Отчет
This issue is limited to .NET Core 9.0 only. No other versions are expected to be vulnerable to this flaw.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | dotnet8.0 | Not affected | ||
| Red Hat Enterprise Linux 10 | dotnet9.0 | Affected | ||
| Red Hat Enterprise Linux 8 | dotnet6.0 | Not affected | ||
| Red Hat Enterprise Linux 8 | dotnet8.0 | Not affected | ||
| Red Hat Enterprise Linux 9 | dotnet6.0 | Not affected | ||
| Red Hat Enterprise Linux 9 | dotnet7.0 | Not affected | ||
| Red Hat Enterprise Linux 9 | dotnet8.0 | Not affected | ||
| Red Hat Enterprise Linux 9 | dotnet9.0 | Fixed | RHSA-2024:9543 | 13.11.2024 |
Показывать по
Дополнительная информация
Статус:
8.8 High
CVSS3
Связанные уязвимости
.NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
Уязвимость средства разработки программного обеспечения Microsoft Visual Studio и программной платформы Microsoft.NET, позволяющая нарушителю выполнить произвольный код
8.8 High
CVSS3