HIGH🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2023-38180

CVSS 7.5v3.1pub. 2023-08-08upd. 2025-10-28

.NET and Visual Studio Denial of Service Vulnerability

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Fedora Project Fedora

    OS
    Fedoraproject
    3738
  • Microsoft Asp.net Core

    APP
    Microsoft
    2.1 – 2.1.40 (bez)
  • Microsoft .net

    APP
    Microsoft
    6.0.0 – 6.0.21 (bez)7.0.0 – 7.0.10 (bez)
  • Microsoft Visual Studio 2022

    APP
    Microsoft
    17.6.0 – 17.6.6 (bez)17.4.0 – 17.4.10 (bez)17.2.0 – 17.2.18 (bez)

CISA KEV — detailsi

Vendori
Microsoft
Producti
.NET Core and Visual Studio
Added to KEVi
August 9, 2023
Remediation deadline (US Federal)i
August 30, 2023(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service (DoS).

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 30 sierpnia 2023
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit

CVE-2024-5274CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML

CVE-2024-4947CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)

CVE-2024-4671CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox

CVE-2023-6345CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Integer overflow w Skia w Google Chrome — sandbox escape