Mar 2022: .NET and Visual Studio Denial of Service Vulnerability
CVE-2022-24464 Published on March 9, 2022
.NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
Weakness Type
What is a Resource Exhaustion Vulnerability?
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2022-24464 has been classified to as a Resource Exhaustion vulnerability or weakness.
Products Associated with CVE-2022-24464
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-24464 are published in these products:
Affected Versions
Microsoft .NET 6.0:- Version 6.0.0 and below 6.0.3 is affected.
- Version 5.0.0 and below 5.0.15 is affected.
- Version 3.1 and below 3.1.23 is affected.
- Version 16.0.0 and below 16.7.26 is affected.
- Version 15.0.0 and below 16.9.18 is affected.
- Version 16.11.0 and below 16.11.11 is affected.
- Version 17.0.0 and below 17.0.7 is affected.
Vulnerable Packages
The following package name and versions may be associated with CVE-2022-24464
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| nuget | Microsoft.AspNetCore.App.Runtime.linux-arm | >= 5.0.0, < 5.0.15 | 5.0.15 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-arm64 | >= 5.0.0, < 5.0.15 | 5.0.15 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-arm | >= 5.0.0, < 5.0.15 | 5.0.15 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | >= 5.0.0, < 5.0.15 | 5.0.15 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-musl-arm | >= 5.0.0, < 5.0.15 | 5.0.15 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-arm | >= 6.0.0, < 6.0.3 | 6.0.3 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-arm64 | >= 6.0.0, < 6.0.3 | 6.0.3 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-musl-arm | >= 6.0.0, < 6.0.3 | 6.0.3 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | >= 6.0.0, < 6.0.3 | 6.0.3 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-musl-x64 | >= 6.0.0, < 6.0.3 | 6.0.3 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-x64 | >= 6.0.0, < 6.0.3 | 6.0.3 |
| nuget | Microsoft.AspNetCore.App.Runtime.osx-arm64 | >= 6.0.0, < 6.0.3 | 6.0.3 |
| nuget | Microsoft.AspNetCore.App.Runtime.osx-x64 | >= 6.0.0, < 6.0.3 | 6.0.3 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-arm | >= 6.0.0, < 6.0.3 | 6.0.3 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-arm64 | >= 6.0.0, < 6.0.3 | 6.0.3 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-x64 | >= 6.0.0, < 6.0.3 | 6.0.3 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-x86 | >= 6.0.0, < 6.0.3 | 6.0.3 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-musl-x64 | >= 5.0.0, < 5.0.15 | 5.0.15 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-arm | >= 3.0.0, < 3.1.23 | 3.1.23 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-arm64 | >= 3.0.0, < 3.1.23 | 3.1.23 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | >= 3.0.0, < 3.1.23 | 3.1.23 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-musl-x64 | >= 3.0.0, < 3.1.23 | 3.1.23 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-x64 | >= 3.0.0, < 3.1.23 | 3.1.23 |
| nuget | Microsoft.AspNetCore.App.Runtime.osx-x64 | >= 3.0.0, < 3.1.23 | 3.1.23 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-arm | >= 3.0.0, < 3.1.23 | 3.1.23 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-arm64 | >= 3.1.5, < 3.1.23 | 3.1.23 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-x64 | >= 3.0.0, < 3.1.23 | 3.1.23 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-x86 | >= 3.0.0, < 3.1.23 | 3.1.23 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-x64 | >= 5.0.0, < 5.0.15 | 5.0.15 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-x64 | >= 5.0.0, < 5.0.15 | 5.0.15 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-x86 | >= 5.0.0, < 5.0.15 | 5.0.15 |
| nuget | Microsoft.AspNetCore.App.Runtime.osx-x64 | >= 5.0.0, < 5.0.15 | 5.0.15 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-arm64 | >= 5.0.0, < 5.0.15 | 5.0.15 |
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.