PT-2023-6133 · Microsoft+1 · .Net Framework+4

Ziming Zhang

·

Publicado

2023-10-10

·

Atualizado

2024-12-13

·

CVE-2023-38171

CVSS v2.0

7.8

Alta

VetorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Microsoft QUIC (affected versions not specified) Windows (affected versions not specified) .NET (affected versions not specified) Visual Studio (affected versions not specified)
Description The vulnerability is related to insufficient input validation in the Microsoft QUIC protocol implementation, which can be exploited by a remote attacker to cause a denial of service. This can result in the MsQuic server application or process crashing. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations For Microsoft QUIC, consider disabling the MsQuic functionality until a patch is available. For Windows, .NET, and Visual Studio, upgrade to the patched versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability, except for upgrading to the patched versions or disabling MsQuic functionality.

Correção

DoS

NULL Pointer Dereference

Resource Exhaustion

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476CWE-400CWE-20

Identificadores relacionados

ALT-PU-2024-1065
ALT-PU-2024-1066
ALT-PU-2024-1067
ALT-PU-2024-16796
ALT-PU-2024-16939
ALT-PU-2024-2765
ALT-PU-2024-2767
BDU:2023-06839
BIT-DOTNET-2023-38171
BIT-DOTNET-SDK-2023-38171
CVE-2023-38171
GHSA-XH5M-8QQP-C5X7

Produtos afetados

.Net Framework
Alt Linux
Quic
Visual Studio
Windows