CVE-2023-38180
.NET and Visual Studio Denial of Service Vulnerability
Vexday Risk Score
56 (Attention)
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.5 | EPSS 15.5% | KEV yes | PoC — | Patch referenced
Lifecycle
Aug 08, 2023: Published on NVD
Aug 09, 2023: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A denial of service vulnerability in .NET and Visual Studio allows an attacker to crash or freeze the application by sending specially crafted input. This can disrupt services and prevent legitimate users from accessing the application.
Technical detail
CWE-400 (Uncontrolled Resource Consumption) vulnerability affecting .NET and Visual Studio where malicious input triggers excessive resource consumption, leading to denial of service. The attack requires the attacker to send crafted data to the affected application, causing it to exhaust CPU, memory, or other critical resources and become unresponsive.
Summary generated and translated by AI from the official description.
.NET and Visual Studio Denial of Service Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Affected products
Microsoft · ASP.NET Core 2.1
Microsoft · Microsoft Visual Studio 2022 version 17.2
Microsoft · Microsoft Visual Studio 2022 version 17.4
Microsoft · Microsoft Visual Studio 2022 version 17.6
Microsoft · .NET 6.0
Microsoft · .NET 7.0
References
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWVZFKTLNMNKPZ755EMRYIA6GHFOWGKY/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38180