PT-2022-4630 · Microsoft+5 · .Net Framework+9

Lars Eidnes

·

Published

2022-05-10

·

Updated

2026-05-27

·

CVE-2022-29145

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions .NET Core 3.1 versions 3.1.0 through 3.1.24 .NET 5.0 versions 5.0.0 through 5.0.16 .NET 6.0 versions 6.0.0 through 6.0.4
Description The vulnerability is related to the incorrect cleanup or release of resources in Microsoft Visual Studio and the .NET Framework. It can be exploited by a remote attacker to cause a denial of service when HTML forms are parsed. A malicious client can cause the denial of service.
Recommendations For .NET Core 3.1 versions 3.1.0 through 3.1.24, update to Runtime 3.1.25 or SDK 3.1.419. For .NET 5.0 versions 5.0.0 through 5.0.16, update to Runtime 5.0.17 or SDK 5.0.214 or SDK 5.0.408. For .NET 6.0 versions 6.0.0 through 6.0.4, update to Runtime 6.0.5 or SDK 6.0.105 or SDK 6.0.203.

Fix

DoS

Resource Exhaustion

Weakness Enumeration

CWE-400

Related Identifiers

ALSA-2022:2199
ALSA-2022:2200
ALSA-2022:2202
ALT-PU-2022-2837
ALT-PU-2022-2838
ALT-PU-2022-2851
ALT-PU-2022-2852
ALT-PU-2023-1305
ALT-PU-2023-1306
ALT-PU-2023-1307
ALT-PU-2023-1308
ALT-PU-2023-1416
ALT-PU-2023-1417
ALT-PU-2023-1464
ALT-PU-2023-1465
BDU:2022-05514
BIT-DOTNET-2022-29145
BIT-DOTNET-SDK-2022-29145
CESA-2022_2199
CESA-2022_2200
CESA-2022_2202
CVE-2022-29145
GHSA-FCG8-MG9G-6HC4
INFSA-2022_2200
RHSA-2022:2194
RHSA-2022:2195
RHSA-2022:2196
RHSA-2022:2199
RHSA-2022:2200
RHSA-2022:2202
RHSA-2022:4588
RHSA-2022_2199
RHSA-2022_2200
RHSA-2022_2202
RHSA-2022_4588
RLSA-2022:2199
RLSA-2022:2200
RLSA-2022:2202

Affected Products

.Net Framework
Alt Linux
Almalinux
Centos
Net 5.0
Net 6.0
Net Core 3.1
Red Hat
Rocky Linux
Visual Studio