PT-2022-4628 · Microsoft+5 · Net Core+9

Published: 2022-05-10 · Updated: 2025-10-15 · CVE-2022-23267

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

.NET Core versions 3.1 through 3.1.24
.NET 5.0 versions 5.0 through 5.0.16
.NET 6.0 versions 6.0 through 6.0.4

Description

The issue is related to incorrect cleanup or release of resources in Microsoft Visual Studio and the .NET Framework, which can lead to a denial of service. A malicious client can cause this via excess memory allocations through the HttpClient.

Recommendations

For .NET Core 3.1, update to Runtime 3.1.25 or SDK 3.1.419.
For .NET 5.0, update to Runtime 5.0.17 or SDK 5.0.214.
For .NET 6.0, update to Runtime 6.0.5 or SDK 6.0.105.
As a temporary workaround, consider restricting the use of HttpClient to minimize the risk of exploitation.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2022:2199
ALSA-2022:2200
ALSA-2022:2202
ALT-PU-2022-2263
ALT-PU-2022-2837
ALT-PU-2022-2838
ALT-PU-2022-2851
ALT-PU-2022-2852
ALT-PU-2023-1305
ALT-PU-2023-1306
ALT-PU-2023-1307
ALT-PU-2023-1308
ALT-PU-2023-1416
ALT-PU-2023-1417
ALT-PU-2023-1464
ALT-PU-2023-1465
ALT-PU-2023-4713
ALT-PU-2025-2023
BDU:2022-05512
BIT-DOTNET-2022-23267
BIT-DOTNET-SDK-2022-23267
BIT-POWERSHELL-2022-23267
CESA-2022_2199
CESA-2022_2200
CESA-2022_2202
CVE-2022-23267
GHSA-485P-MRJ5-8W2V
INFSA-2022_2200
RHSA-2022:2194
RHSA-2022:2195
RHSA-2022:2196
RHSA-2022:2199
RHSA-2022:2200
RHSA-2022:2202
RHSA-2022:4588
RHSA-2022_2199
RHSA-2022_2200
RHSA-2022_2202
RHSA-2022_4588
RLSA-2022:2199
RLSA-2022:2200
RLSA-2022:2202

Affected Products

.Net Framework
Alt Linux
Almalinux
Centos
Net 5.0
Net 6.0
Net Core
Red Hat
Rocky Linux
Visual Studio