CVE-2023-38180 in Canonical and Microsoft Products
Published on August 8, 2023
Known Exploited Vulnerability
This Microsoft .NET Core and Visual Studio Denial of Service Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial of service.
The following remediation steps are recommended / required by August 30, 2023: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2023-38180 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Products Associated with CVE-2023-38180
You can be notified by stack.watch whenever vulnerabilities like CVE-2023-38180 are published in these products:
What versions are vulnerable to CVE-2023-38180?
-
Microsoft ASP.NET Core
Version 2.1
-
Microsoft Net
Version 6.0.0
-
-
Microsoft Net
Version 7.0.0
-
Microsoft Visual Studio 2022
Version 17.2.0
Fixed in Version 17.2.18
-
Microsoft Visual Studio 2022
Version 17.4.0
Fixed in Version 17.4.10
-
Microsoft Visual Studio 2022
Version 17.6.0
Fixed in Version 17.6.6
Vulnerable Packages
The following package name and versions may be associated with CVE-2023-38180
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| nuget | Microsoft.AspNetCore.App.Runtime.win-x86 | >= 7.0.0, <= 7.0.9 | 7.0.10 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-x64 | >= 7.0.0, <= 7.0.9 | 7.0.10 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-arm64 | >= 7.0.0, <= 7.0.9 | 7.0.10 |