PT-2022-4632 · Microsoft+5 · Visual Studio+8
Published
2022-03-08
·
Updated
2026-05-27
·
CVE-2022-24512
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
.NET versions prior to 6.0.3
.NET 5.0 versions prior to 5.0.15
.NET Core 3.1 versions prior to 3.1.23
Description
The issue is related to a buffer overflow due to unchecked input data, which can allow a remote attacker to execute arbitrary code. This is a Remote Code Execution vulnerability in .NET and Visual Studio.
Recommendations
For .NET 6.0, update to Runtime 6.0.3 or SDK 6.0.103 (for Visual Studio 2019 v17.0) or SDK 6.0.201 (for Visual Studio 2019 V17.1).
For .NET 5.0, update to Runtime 5.0.15 or SDK 5.0.406 (for Visual Studio 2019 v16.11) or SDK 5.0.212 (for Visual Studio 2019 V16.9).
For .NET Core 3.1, update to Runtime 3.1.23 or SDK 3.1.417 (for Visual Studio 2019 v16.7).
Updates are also available from Microsoft Update, accessible by searching "Check for updates" in Windows search or through Settings, Update & Security, and then clicking Check for Updates.
Fix
RCE
Code Injection
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Centos
Net
Net Core
Red Hat
Rocky Linux
Visual Studio
Windows