Bartłomiej Dach

**Name of the Vulnerable Software and Affected Versions** .NET 8.0 versions 8.0.0 through 8.0.24 .NET 9.0 versions 9.0.0 through 9.0.13 .NET 10.0 versions 10.0.0 through 10.0.3 **Description** An uncontrolled resource allocation issue exists in ASP.NET Core, potentially allowing an unauthorized attacker to cause a denial of service (DoS) over a network. The issue stems from the lack of limits or throttling on resource allocation. A specially crafted message to a SignalR server can exhaust an internal buffer, leading to service disruption. It is estimated that a large number of devices worldwide could be affected. **Recommendations** Update to .NET 8.0.25. Update to .NET 9.0.14. Update to .NET 10.0.4.