Vcsjones

**Name of the Vulnerable Software and Affected Versions** .NET (affected versions not specified) Visual Studio (affected versions not specified) **Description** A stack-based buffer overflow allows an unauthorized attacker to cause a denial of service over a network. A stack-based buffer overflow occurs when a program writes more data to a buffer located on the stack than the buffer is allocated to hold, potentially overwriting adjacent memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** .NET versions 8.0.0 through 8.0.22 .NET versions 9.0.0 through 9.0.12 .NET versions 10.0.0 through 10.0.2 **Description** The software contains a security feature bypass issue due to improper handling of missing special elements. An attacker could exploit this by crafting a malicious payload that bypasses security checks in the affected System.Security.Cryptography.Cose versions, potentially leading to unauthorized access or data manipulation. If an application does not use System.Security.Cryptography.Cose, it is not affected. **Recommendations** Update the System.Security.Cryptography.Cose NuGet package to version 8.0.24 for .NET 8.0. Update the System.Security.Cryptography.Cose NuGet package to version 9.0.13 for .NET 9.0. Update the System.Security.Cryptography.Cose NuGet package to version 10.0.3 for .NET 10.0.