CVE-2022-24464: .NET Denial of Service Vulnerability
(updated )
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET CORE 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
Microsoft is aware of a Denial of Service vulnerability, which exists in .NET 6.0, .NET 5.0, and .NET CORE 3.1 when parsing certain types of http form requests.
References
- github.com/advisories/GHSA-cw98-9j8w-wxv9
- github.com/dotnet/announcements/issues/212
- github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG
- msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464
- nvd.nist.gov/vuln/detail/CVE-2022-24464
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464
Code Behaviors & Features
Detect and mitigate CVE-2022-24464 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →