.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2023-29331

7.5HIGH

Key Information:

Vendor: Microsoft
Status: .net 6.0; .net 7.0; Microsoft Visual Studio 2022 Version 17.0; Microsoft Visual Studio 2022 Version 17.2
Vendor: CVE Published:; 14 June 2023

Summary

A denial of service vulnerability exists in Microsoft .NET Framework and Visual Studio, which could allow an attacker to disrupt the availability of the affected applications. By exploiting this vulnerability, an attacker could send specially crafted requests that might lead to unexpected behavior, ultimately causing system downtime. It is crucial for users to implement the necessary updates to mitigate the risk and maintain seamless operation of their software.

Affected Version(s)

.NET 6.0 Unknown 6.0.0 < 6.0.18

.NET 7.0 Unknown 7.0.0 < 7.0.7

Microsoft .NET Framework 2.0 Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 2.0.0 < 3.0.6920.8954; 2.0.50727.8970

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2023
Vulnerability Reserved
Apr 4, 2023