Microsoft .NET & VS Remote Code Execution via RCE Vulnerability
CVE-2024-30045 Published on May 14, 2024

.NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability

Github Repository Vendor Advisory NVD

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Products Associated with CVE-2024-30045

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-30045 are published in these products:

Canonical Ubuntu Linux

Microsoft Net

Microsoft Visual Studio 2022

Microsoft Powershell

Affected Versions

Microsoft .NET 8.0:

Version 8.0 and below 8.0.5 is affected.

Microsoft .NET 7.0:

Version 7.0.0 and below 7.0.19 is affected.

Microsoft Visual Studio 2022 version 17.9:

Version 17.0 and below 17.9.7 is affected.

Microsoft Visual Studio 2022 version 17.4:

Version 17.4.0 and below 17.4.19 is affected.

Microsoft Visual Studio 2022 version 17.6:

Version 17.6.0 and below 17.6.15 is affected.

Microsoft Visual Studio 2022 version 17.8:

Version 17.8.0 and below 17.8.10 is affected.

Microsoft PowerShell 7.4:

Version 7.4.0 and below 7.4.3 is affected.

Vulnerable Packages

The following package name and versions may be associated with CVE-2024-30045

Package Manager	Vulnerable Package	Versions	Fixed In
nuget	Microsoft.NetCore.App.Runtime.win-arm	>= 8.0.0, <= 8.0.4	8.0.5
nuget	Microsoft.NetCore.App.Runtime.linux-musl-arm	>= 8.0.0, <= 8.0.4	8.0.5
nuget	Microsoft.NetCore.App.Runtime.win-x86	>= 8.0.0, <= 8.0.4	8.0.5
nuget	Microsoft.NetCore.App.Runtime.win-x86	<= 7.0.18	7.0.19
nuget	Microsoft.NetCore.App.Runtime.win-x64	>= 8.0.0, <= 8.0.4	8.0.5
nuget	Microsoft.NetCore.App.Runtime.win-x64	<= 7.0.18	7.0.19
nuget	Microsoft.NetCore.App.Runtime.win-arm64	<= 7.0.18	7.0.19
nuget	Microsoft.NetCore.App.Runtime.linux-arm	<= 7.0.18	7.0.19
nuget	Microsoft.NetCore.App.Runtime.linux-arm64	<= 7.0.18	7.0.19
nuget	Microsoft.NetCore.App.Runtime.linux-arm	>= 8.0.0, <= 8.0.4	8.0.5
nuget	Microsoft.NetCore.App.Runtime.linux-arm64	>= 8.0.0, <= 8.0.4	8.0.5
nuget	Microsoft.NetCore.App.Runtime.linux-musl-arm	<= 7.0.18	7.0.19
nuget	Microsoft.NetCore.App.Runtime.linux-musl-arm64	>= 8.0.0, <= 8.0.4	8.0.5
nuget	Microsoft.NetCore.App.Runtime.linux-musl-x64	<= 7.0.18	7.0.19
nuget	Microsoft.NetCore.App.Runtime.linux-musl-x64	>= 8.0.0, <= 8.0.4	8.0.5
nuget	Microsoft.NetCore.App.Runtime.linux-x64	<= 7.0.18	7.0.19
nuget	Microsoft.NetCore.App.Runtime.linux-x64	>= 8.0.0, <= 8.0.4	8.0.5
nuget	Microsoft.NetCore.App.Runtime.osx-arm64	<= 7.0.18	7.0.19
nuget	Microsoft.NetCore.App.Runtime.osx-arm64	>= 8.0.0, <= 8.0.4	8.0.5
nuget	Microsoft.NetCore.App.Runtime.osx-x64	<= 7.0.18	7.0.19
nuget	Microsoft.NetCore.App.Runtime.osx-x64	>= 8.0.0, <= 8.0.4	8.0.5
nuget	Microsoft.NetCore.App.Runtime.win-arm	<= 7.0.18	7.0.19
nuget	Microsoft.NetCore.App.Runtime.win-arm64	>= 8.0.0, <= 8.0.4	8.0.5

Exploit Probability

EPSS

0.32%

Percentile

54.94%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.