Microsoft · Net Core · CVE-2022-38013
**Name of the Vulnerable Software and Affected Versions**
.NET Core versions prior to 3.1.29
.NET 6.0 versions prior to 6.0.9
**Description**
A denial of service issue exists due to incorrect resource cleanup, allowing a remote attacker to cause a stack overflow by sending a customized payload during model binding. This may result in a denial of service attack.
**Recommendations**
For .NET Core 3.1 versions prior to 3.1.29, update to version 3.1.29 or later.
For .NET 6.0 versions prior to 6.0.9, update to version 6.0.9 or later.
As a temporary workaround, consider restricting access to the affected API endpoints until a patch is available.