.NET and Visual Studio Denial of Service Vulnerability
CVE-2024-21392

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Visual Studio 2022 Version 17.9; Powershell 7.3; Powershell 7.4; .net 7.0
Vendor: CVE Published:; 12 March 2024

Summary

This vulnerability in Microsoft .NET and Visual Studio allows an attacker to execute a denial of service attack, potentially disrupting application functionality and affecting the availability of services. Proper security measures, including timely updates and monitoring, are essential to mitigate risks associated with this vulnerability.

Affected Version(s)

.NET 7.0 Unknown 7.0.0 < 7.0.17

.NET 8.0 Unknown 1.0.0 < 8.0.3

Microsoft Visual Studio 2022 version 17.4 Unknown 17.4.0 < 17.4.17

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Dec 8, 2023

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed