Описание
.NET and Visual Studio Denial of Service Vulnerability
A vulnerability was found in .NET. Specifically .NET 9.0 Core - DoS - (unbounded work factor) in NrbfDecoder component
Отчет
Red Hat has the information for this vulnerability and its limitation to only .NET Core 9.0. No other versions are expected to be vulnerable to this flaw.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | dotnet8.0 | Not affected | ||
| Red Hat Enterprise Linux 10 | dotnet9.0 | Affected | ||
| Red Hat Enterprise Linux 8 | dotnet6.0 | Not affected | ||
| Red Hat Enterprise Linux 8 | dotnet8.0 | Not affected | ||
| Red Hat Enterprise Linux 9 | dotnet6.0 | Not affected | ||
| Red Hat Enterprise Linux 9 | dotnet7.0 | Not affected | ||
| Red Hat Enterprise Linux 9 | dotnet8.0 | Not affected | ||
| Red Hat Enterprise Linux 9 | dotnet9.0 | Fixed | RHSA-2024:9543 | 13.11.2024 |
Показывать по
10
Дополнительная информация
Статус:
Important
https://bugzilla.redhat.com/show_bug.cgi?id=2323240dotnet: .NET Core - DoS - (unbounded work factor) in NrbfDecoder component
EPSS
Процентиль: 68%
0.0058
Низкий
7.5 High
CVSS3
Связанные уязвимости
EPSS
Процентиль: 68%
0.0058
Низкий
7.5 High
CVSS3