Jul 2024: .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-38095 Published on July 9, 2024

.NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability

Github Repository Vendor Advisory NVD

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Products Associated with CVE-2024-38095

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-38095 are published in these products:

Canonical Ubuntu Linux

Microsoft Visual Studio 2022

Microsoft Net

Microsoft Powershell

Microsoft Visual Studio

Affected Versions

Microsoft PowerShell 7.4:

Version 7.4.0 and below 7.4.4 is affected.

Microsoft PowerShell 7.2:

Version 7.2.0 and below 7.2.22 is affected.

Microsoft .NET 6.0:

Version 6.0.0 and below 6.0.32 is affected.

Microsoft .NET 8.0:

Version 8.0 and below 8.0.7 is affected.

Microsoft Visual Studio 2022 version 17.4:

Version 17.4.0 and below 17.4.21 is affected.

Microsoft Visual Studio 2022 version 17.6:

Version 17.6.0 and below 17.6.17 is affected.

Microsoft Visual Studio 2022 version 17.8:

Version 17.8.0 and below 17.8.12 is affected.

Microsoft Visual Studio 2022 version 17.10:

Version 17.10 and below 17.10.4 is affected.

Vulnerable Packages

The following package name and versions may be associated with CVE-2024-38095

Package Manager	Vulnerable Package	Versions	Fixed In
nuget	Microsoft.NetCore.App.Runtime.linux-arm	>= 6.0.0, <= 6.0.31	6.0.32
nuget	Microsoft.NetCore.App.Runtime.linux-arm64	>= 8.0.0, <= 8.0.6	8.0.7
nuget	Microsoft.NetCore.App.Runtime.linux-arm	>= 8.0.0, <= 8.0.6	8.0.7
nuget	Microsoft.NetCore.App.Runtime.linux-arm64	>= 6.0.0, <= 6.0.31	6.0.32
nuget	Microsoft.NetCore.App.Runtime.linux-musl-arm	>= 8.0.0, <= 8.0.6	8.0.7
nuget	Microsoft.NetCore.App.Runtime.win-x86	>= 6.0.0, <= 6.0.31	6.0.32
nuget	System.Formats.Asn1	>= 7.0.0-preview.1.22076.8, < 8.0.1	8.0.1
nuget	System.Formats.Asn1	>= 5.0.0-preview.7.20364.11, < 6.0.1	6.0.1
nuget	Microsoft.NetCore.App.Runtime.win-x86	>= 8.0.0, <= 8.0.6	8.0.7
nuget	Microsoft.NetCore.App.Runtime.linux-musl-arm	>= 6.0.0, <= 6.0.31	6.0.32
nuget	Microsoft.NetCore.App.Runtime.osx-arm64	>= 8.0.0, <= 8.0.6	8.0.7
nuget	Microsoft.NetCore.App.Runtime.linux-musl-arm64	>= 8.0.0, <= 8.0.6	8.0.7
nuget	Microsoft.NetCore.App.Runtime.linux-musl-arm64	>= 6.0.0, <= 6.0.31	6.0.32
nuget	Microsoft.NetCore.App.Runtime.linux-musl-x64	>= 8.0.0, <= 8.0.6	8.0.7
nuget	Microsoft.NetCore.App.Runtime.linux-musl-x64	>= 6.0.0, <= 6.0.31	6.0.32
nuget	Microsoft.NetCore.App.Runtime.linux-x64	>= 8.0.0, <= 8.0.6	8.0.7
nuget	Microsoft.NetCore.App.Runtime.linux-x64	>= 6.0.0, <= 6.0.31	6.0.32
nuget	Microsoft.NetCore.App.Runtime.win-x64	>= 6.0.0, <= 6.0.31	6.0.32
nuget	Microsoft.NetCore.App.Runtime.osx-arm64	>= 6.0.0, <= 6.0.31	6.0.32
nuget	Microsoft.NetCore.App.Runtime.osx-x64	>= 8.0.0, <= 8.0.6	8.0.7
nuget	Microsoft.NetCore.App.Runtime.osx-x64	>= 6.0.0, <= 6.0.31	6.0.32
nuget	Microsoft.NetCore.App.Runtime.win-arm	>= 8.0.0, <= 8.0.6	8.0.7
nuget	Microsoft.NetCore.App.Runtime.win-arm	>= 6.0.0, <= 6.0.31	6.0.32
nuget	Microsoft.NetCore.App.Runtime.win-arm64	>= 8.0.0, <= 8.0.6	8.0.7
nuget	Microsoft.NetCore.App.Runtime.win-arm64	>= 6.0.0, <= 6.0.31	6.0.32
nuget	Microsoft.NetCore.App.Runtime.win-x64	>= 8.0.0, <= 8.0.6	8.0.7

Exploit Probability

EPSS

2.01%

Percentile

83.43%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.