Microsoft .NET/VS Remote Code Execution Vulnerability: CVE-2024-43498 November 2024

Microsoft .NET/VS Remote Code Execution Vulnerability
CVE-2024-43498 Published on November 12, 2024

.NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability

Weakness Type

What is an Object Type Confusion Vulnerability?

The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

CVE-2024-43498 has been classified to as an Object Type Confusion vulnerability or weakness.

Products Associated with CVE-2024-43498

stack.watch emails you whenever new vulnerabilities are published in Canonical Ubuntu Linux or Microsoft Visual Studio 2022. Just hit a watch button to start following.

Affected Versions

Version 7.5.0 and below 7.5.0 is affected.

Version 17.8.0 and below 17.8.16 is affected.

Version 17.6.0 and below 17.6.21 is affected.

Version 17.10 and below 17.10.9 is affected.

Version 17.11 and below 17.11.6 is affected.

Version 9.0.0 and below 9.0.0 is affected.

Vulnerable Packages

The following package name and versions may be associated with CVE-2024-43498

Package Manager	Vulnerable Package	Versions	Fixed In
nuget	System.Formats.Nrbf	< 9.0.0	9.0.0

Package Manager

Vulnerable Package

Versions

Fixed In

nuget

System.Formats.Nrbf

< 9.0.0

9.0.0

Exploit Probability

EPSS

1.25%

Percentile

79.04%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.