.NET Denial of Service Vulnerability
CVE-2024-21404

7.5HIGH

Key Information:

Vendor: Microsoft
Status: .net 6.0; .net 7.0; .net 8.0; Microsoft Visual Studio 2022 Version 17.4
Vendor: CVE Published:; 13 February 2024

Summary

The .NET Denial of Service vulnerability presents risks that can allow attackers to disrupt the availability of affected applications by exploiting specific flaws in the .NET Framework. This can lead to interruptions in service and potentially expose sensitive information, impacting both system functionality and organizational operations. It is critical for users to address this vulnerability through timely updates and patching recommendations provided by Microsoft to ensure continued security and reliability of their systems.

Affected Version(s)

.NET 6.0 Unknown 6.0.0 < 6.0.27

.NET 7.0 Unknown 7.0.0 < 7.0.16

.NET 8.0 Unknown 1.0.0 < 8.0.2

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Dec 8, 2023

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed