PT-2022-7019 · Microsoft+7 · Net Core+8

Graham Esau · Published 2022-06-14 · Updated 2025-01-02 · CVE-2022-38013

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

.NET Core versions prior to 3.1.29
.NET 6.0 versions prior to 6.0.9

Description

A denial of service issue exists due to incorrect resource cleanup, allowing a remote attacker to cause a stack overflow by sending a customized payload during model binding. This may result in a denial of service attack.

Recommendations

For .NET Core 3.1 versions prior to 3.1.29, update to version 3.1.29 or later. For .NET 6.0 versions prior to 6.0.9, update to version 6.0.9 or later. As a temporary workaround, consider restricting access to the affected API endpoints until a patch is available.

Fix

Improper Resource Release

Information Disclosure

Weakness Enumeration

Related Identifiers

ALSA-2022:6521
ALSA-2022:6523
ALSA-2022:6539
ALT-PU-2022-3423
ALT-PU-2022-3424
ALT-PU-2023-1305
ALT-PU-2023-1306
ALT-PU-2023-1418
ALT-PU-2023-1420
ALT-PU-2023-1466
ALT-PU-2023-1468
BDU:2023-06584
BDU:2023-06585
BIT-DOTNET-2022-38013
BIT-DOTNET-SDK-2022-38013
CESA-2022_6523
CESA-2022_6539
CVE-2022-38013
GHSA-R8M2-4X37-6592
RHSA-2022:6520
RHSA-2022:6521
RHSA-2022:6522
RHSA-2022:6523
RHSA-2022:6539
RHSA-2022_6521
RHSA-2022_6523
RHSA-2022_6539
RLSA-2022:6523
RLSA-2022:6539
USN-5609-1

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Net 6.0
Net Core
Red Hat
Rocky Linux
Ubuntu