.NET/VS RCE Vulnerability
CVE-2023-33128 Published on June 14, 2023

.NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability

Github Repository Vendor Advisory NVD

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2023-33128 has been classified to as a Dangling pointer vulnerability or weakness.

Products Associated with CVE-2023-33128

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-33128 are published in these products:

Canonical Ubuntu Linux

Microsoft Visual Studio 2022

Microsoft Net

Affected Versions

Microsoft .NET 6.0:

Version 6.0.0 and below 6.0.18 is affected.

Microsoft .NET 7.0:

Version 7.0.0 and below 7.0.7 is affected.

Microsoft Visual Studio 2022 version 17.0:

Version 17.0.0 and below 17.0.22 is affected.

Microsoft Visual Studio 2022 version 17.2:

Version 17.2.0 and below 17.2.16 is affected.

Microsoft Visual Studio 2022 version 17.4:

Version 17.4.0 and below 17.4.8 is affected.

Microsoft Visual Studio 2022 version 17.6:

Version 17.6.0 and below 17.6.3 is affected.

Microsoft PowerShell 7.3:

Version 7.3.0 and below 7.3.5 is affected.

Vulnerable Packages

The following package name and versions may be associated with CVE-2023-33128

Package Manager	Vulnerable Package	Versions	Fixed In
nuget	Microsoft.NetCore.App.Runtime.linux-musl-arm	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.win-x86	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.win-x64	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.win-arm64	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.win-arm	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.osx-x64	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.osx-arm64	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.linux-x64	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.linux-musl-x64	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.linux-musl-arm64	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.linux-arm64	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.linux-arm	>= 7.0.0, <= 7.0.5	7.0.7

Exploit Probability

EPSS

1.06%

Percentile

77.40%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.