Описание
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
A flaw was found in dotnet. Improper use of the HTTP/3 protocol allows an unauthorized remote attacker to cause an allocation of resources without limits or throttling in ASP.NET Core, resulting in a denial of service.
Отчет
This issue can only be exploited when support for the HTTP/3 protocol is enabled. The .NET packages shipped in Red Hat Enterprise Linux do not support the HTTP/3 protocol. Therefore, Red Hat products are not affected by this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | dotnet8.0 | Not affected | ||
| Red Hat Enterprise Linux 8 | dotnet9.0 | Not affected | ||
| Red Hat Enterprise Linux 9 | dotnet6.0 | Not affected | ||
| Red Hat Enterprise Linux 9 | dotnet7.0 | Not affected | ||
| Red Hat Enterprise Linux 9 | dotnet8.0 | Not affected | ||
| Red Hat Enterprise Linux 9 | dotnet9.0 | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
ASP.NET Core and Visual Studio Denial of Service Vulnerability
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Уязвимость программной платформы ASP.NET Core и средства разработки программного обеспечения Microsoft Visual Studio, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.5 High
CVSS3