.NET Framework Denial of Service Vulnerability
CVE-2024-21312

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft .net Framework 3.5 And 4.8.1; Microsoft .net Framework 4.8; Microsoft .net Framework 3.5 And 4.8; Microsoft .net Framework 3.5 And 4.7.2
Vendor: CVE Published:; 9 January 2024

Summary

A Denial of Service vulnerability exists in the .NET Framework that can potentially allow an attacker to cause a disruption in service. This may occur when malicious input is processed, potentially exhausting system resources and leading to instability. Users and administrators are encouraged to apply necessary updates and patches released by Microsoft to mitigate against such attacks.

Affected Version(s)

Microsoft .NET Framework 3.5 AND 4.7.2 Windows 10 Version 1809 for 32-bit Systems 4.7.0 < 4.7.04081.03

Microsoft .NET Framework 3.5 AND 4.8 Windows 10 Version 1809 for 32-bit Systems 4.8.0 < 4.8.04690.02

Microsoft .NET Framework 3.5 AND 4.8.1 Windows 11 Version 23H2 for x64-based Systems 4.8.1 < 4.8.09214.01

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

EPSS Score

0% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 9, 2024
Vulnerability Reserved
Dec 8, 2023

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed