CVE-2022-29117

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions .NET Core 3.1 versions prior to 3.1.25 .NET 5.0 versions prior to 5.0.17 .NET 6.0 versions prior to 6.0.5

Description The issue is related to a Denial of Service vulnerability in .NET and Visual Studio, where a malicious client can manipulate cookies and cause a Denial of Service. This vulnerability exists due to incorrect cleanup or release of resources.

Recommendations For .NET Core 3.1 versions prior to 3.1.25, update to Runtime 3.1.25 or SDK 3.1.419. For .NET 5.0 versions prior to 5.0.17, update to Runtime 5.0.17 or SDK 5.0.214. For .NET 6.0 versions prior to 6.0.5, update to Runtime 6.0.5 or SDK 6.0.105.

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALSA-2022:2199

ALSA-2022:2200

ALSA-2022:2202

ALT-PU-2022-2837

ALT-PU-2022-2838

ALT-PU-2022-2851

ALT-PU-2022-2852

ALT-PU-2023-1305

ALT-PU-2023-1306

ALT-PU-2023-1307

ALT-PU-2023-1308

ALT-PU-2023-1416

ALT-PU-2023-1417

ALT-PU-2023-1464

ALT-PU-2023-1465

BDU:2022-05513

BIT-DOTNET-2022-29117

BIT-DOTNET-SDK-2022-29117

CESA-2022_2199

CESA-2022_2200

CESA-2022_2202

CVE-2022-29117

GHSA-3RQ8-H3GJ-R5C6

INFSA-2022_2200

RHSA-2022:2194

RHSA-2022:2195

RHSA-2022:2196

RHSA-2022:2199

RHSA-2022:2200

RHSA-2022:2202

RHSA-2022:4588

RHSA-2022_2199

RHSA-2022_2200

RHSA-2022_2202

RHSA-2022_4588

RLSA-2022:2199

RLSA-2022:2200

RLSA-2022:2202

Affected Products

Alt Linux

Almalinux

Centos

Net 5.0

Net 6.0

Net Core 3.1

Red Hat

Rocky Linux

Visual Studio

CVE-2022-29117

Weakness Enumeration

Related Identifiers

Affected Products

References · 46