PT-2023-4300 · Microsoft+7 · Visual Studio+8

Ycdxsb

·

Published

2023-08-08

·

Updated

2025-01-01

·

CVE-2023-35390

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Microsoft Visual Studio versions (affected versions not specified) Microsoft .NET versions (affected versions not specified)
Description The issue is related to insufficient input validation in Microsoft Visual Studio and the .NET platform, which can allow an attacker to disclose protected information.
Recommendations For Microsoft Visual Studio, update to a version that includes the fix for this issue. For Microsoft .NET, apply the recommended configuration changes to mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-20

Related Identifiers

ALSA-2023:4642
ALSA-2023:4643
ALSA-2023:4644
ALSA-2023:4645
ALT-PU-2024-1066
ALT-PU-2024-1067
ALT-PU-2024-1068
ALT-PU-2024-1069
ALT-PU-2024-16792
ALT-PU-2024-16794
ALT-PU-2024-16796
ALT-PU-2024-16939
ALT-PU-2024-2761
ALT-PU-2024-2763
ALT-PU-2024-2765
ALT-PU-2024-2767
BDU:2023-04621
BIT-DOTNET-2023-35390
BIT-DOTNET-SDK-2023-35390
CESA-2023_4643
CESA-2023_4645
CVE-2023-35390
GHSA-P8RX-FWGQ-RH2F
RHSA-2023:4639
RHSA-2023:4640
RHSA-2023:4641
RHSA-2023:4642
RHSA-2023:4643
RHSA-2023:4644
RHSA-2023:4645
RHSA-2023_4642
RHSA-2023_4643
RHSA-2023_4644
RHSA-2023_4645
RLSA-2023:4643
RLSA-2023:4645
USN-6278-1
USN-6278-2

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
.Net Framework
Visual Studio
Red Hat
Rocky Linux
Ubuntu