PT-2023-4225 · Microsoft+8 · Net+9
Published
2023-08-08
·
Updated
2026-05-07
·
CVE-2023-38180
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
.NET and Visual Studio versions prior to the fixed version in August 2023 Patch Tuesday
Description
The issue is related to a Denial of Service (DoS) vulnerability in .NET and Visual Studio. It can be exploited for DoS attacks with no user interaction, allowing a remote attacker to cause a denial of service. The vulnerability has been added to the Known Exploited Vulnerabilities catalog due to active exploitation. Microsoft has issued fixes in their August Patch Tuesday.
Recommendations
For .NET and Visual Studio versions prior to the fixed version in August 2023 Patch Tuesday:
Apply the August 2023 Patch Tuesday updates to fix the vulnerability.
As a temporary workaround, consider restricting access to vulnerable components until a patch is available.
Avoid using potentially vulnerable functions or parameters in affected API endpoints until the issue is resolved.
At the moment, there is no information about additional mitigation measures.
Fix
DoS
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Centos
Linuxmint
Net
Red Hat
Red Os
Rocky Linux
Ubuntu
Visual Studio