May 2022: .NET and Visual Studio Denial of Service Vulnerability
CVE-2022-23267 Published on May 10, 2022

Products Associated with CVE-2022-23267

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-23267 are published in these products:

Affected Versions

Microsoft .NET Core 3.1:

• Version 3.1 and below 3.1.25 is affected.

Microsoft .NET 5.0:

• Version 5.0.0 and below 5.0.17 is affected.

Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8):

• Version 15.0.0 and below 16.9.21 is affected.

Microsoft Visual Studio 2019 for Mac version 8.10:

• Version 8.1.0 and below 8.10.24 is affected.

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10):

• Version 16.11.0 and below 16.11.14 is affected.

Microsoft Visual Studio 2022 version 17.0:

• Version 17.0.0 and below 17.0.10 is affected.

Microsoft .NET 6.0:

• Version 6.0.0 and below 6.0.5 is affected.

Microsoft Visual Studio 2022 version 17.1:

• Version 17.0.0 and below 17.1.7 is affected.

Microsoft PowerShell 7.0:

• Version 7.0.0 and below 7.0.11 is affected.

Microsoft PowerShell 7.2:

• Version 7.2.0 and below 7.2.4 is affected.

Microsoft Visual Studio 2022 for Mac version 17.0:

• Version 17.0.0 and below 17.0.3 is affected.

Vulnerable Packages

The following package name and versions may be associated with CVE-2022-23267

Package Manager	Vulnerable Package	Versions	Fixed In
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-arm64	>= 6.0.0, < 6.0.5	6.0.5
nuget	Microsoft.AspNetCore.App.Runtime.linux-arm	>= 5.0.0, < 5.0.17	5.0.17
nuget	Microsoft.AspNetCore.App.Runtime.win-arm64	>= 5.0.0, < 5.0.17	5.0.17
nuget	Microsoft.AspNetCore.App.Runtime.win-arm	>= 5.0.0, < 5.0.17	5.0.17
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-arm64	>= 5.0.0, < 5.0.17	5.0.17
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-arm	>= 5.0.1, < 5.0.17	5.0.17
nuget	Microsoft.AspNetCore.App.Runtime.linux-arm	>= 6.0.0, < 6.0.5	6.0.5
nuget	Microsoft.AspNetCore.App.Runtime.linux-arm64	>= 6.0.0, < 6.0.5	6.0.5
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-arm	>= 6.0.0, < 6.0.5	6.0.5
nuget	Microsoft.AspNetCore.App.Runtime.win-x86	>= 6.0.0, < 6.0.5	6.0.5
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-x64	>= 6.0.0, < 6.0.5	6.0.5
nuget	Microsoft.AspNetCore.App.Runtime.linux-x64	>= 6.0.0, < 6.0.5	6.0.5
nuget	Microsoft.AspNetCore.App.Runtime.osx-arm64	>= 6.0.0, < 6.0.5	6.0.5
nuget	Microsoft.AspNetCore.App.Runtime.osx-x64	>= 6.0.0, < 6.0.5	6.0.5
nuget	Microsoft.AspNetCore.App.Runtime.win-arm	>= 6.0.0, < 6.0.5	6.0.5
nuget	Microsoft.AspNetCore.App.Runtime.win-arm64	>= 6.0.0, < 6.0.5	6.0.5
nuget	Microsoft.AspNetCore.App.Runtime.win-x64	>= 6.0.0, < 6.0.5	6.0.5
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-x64	>= 5.0.0, < 5.0.17	5.0.17
nuget	Microsoft.AspNetCore.App.Runtime.linux-arm	>= 3.0.0, < 3.1.25	3.1.25
nuget	Microsoft.AspNetCore.App.Runtime.linux-arm64	>= 3.0.0, < 3.1.25	3.1.25
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-arm64	>= 3.0.0, < 3.1.25	3.1.25
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-x64	>= 3.0.0, < 3.1.25	3.1.25
nuget	Microsoft.AspNetCore.App.Runtime.linux-x64	>= 3.0.0, < 3.1.25	3.1.25
nuget	Microsoft.AspNetCore.App.Runtime.osx-x64	>= 3.0.0, < 3.1.25	3.1.25
nuget	Microsoft.AspNetCore.App.Runtime.win-arm	>= 3.0.0, < 3.1.25	3.1.25
nuget	Microsoft.AspNetCore.App.Runtime.win-arm64	>= 3.0.0, < 3.1.25	3.1.25
nuget	Microsoft.AspNetCore.App.Runtime.win-x64	>= 3.0.0, < 3.1.25	3.1.25
nuget	Microsoft.AspNetCore.App.Runtime.win-x86	>= 3.0.0, < 3.1.25	3.1.25
nuget	Microsoft.AspNetCore.App.Runtime.win-x64	>= 5.0.0, < 5.0.17	5.0.17
nuget	Microsoft.AspNetCore.App.Runtime.linux-x64	>= 5.0.0, < 5.0.17	5.0.17
nuget	Microsoft.AspNetCore.App.Runtime.win-x86	>= 5.0.0, < 5.0.17	5.0.17
nuget	Microsoft.AspNetCore.App.Runtime.osx-x64	>= 5.0.0, < 5.0.17	5.0.17
nuget	Microsoft.AspNetCore.App.Runtime.linux-arm64	>= 5.0.0, < 5.0.17	5.0.17

Exploit Probability