.NET and Visual Studio Denial of Service Vulnerability
CVE-2023-32030

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft .net Framework 4.8; Microsoft .net Framework 3.5 And 4.8; Microsoft .net Framework 3.5 And 4.7.2; Microsoft .net Framework 3.5 And 4.6.2/4.7/4.7.1/4.7.2
Vendor: CVE Published:; 14 June 2023

Summary

A Denial of Service vulnerability exists in .NET and Visual Studio, allowing attackers to disrupt service availability. This vulnerability can be exploited by sending specially crafted requests to the application, which may result in system unavailability. It is crucial for users and organizations to apply available patches and implement security best practices to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Microsoft .NET Framework 2.0 Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 2.0.0 < 10.0.14393.5989

Microsoft .NET Framework 3.0 Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 3.0.0 < 3.0.6920.8954; 2.0.50727.8970

Microsoft .NET Framework 3.5 and 4.6.2 Windows 10 for 32-bit Systems 4.7.0 < 10.0.10240.19983

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2023
Vulnerability Reserved
May 1, 2023