PT-2023-6133 · Microsoft+1 · .Net Framework+4
Ziming Zhang · Published 2023-10-10 · Updated 2024-12-13 · CVE-2023-38171
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft QUIC (affected versions not specified)
Windows (affected versions not specified)
.NET (affected versions not specified)
Visual Studio (affected versions not specified)
Description
The vulnerability is related to insufficient input validation in the Microsoft QUIC protocol implementation, which can be exploited by a remote attacker to cause a denial of service. This can result in the MsQuic server application or process crashing. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations
For Microsoft QUIC, consider disabling the MsQuic functionality until a patch is available.
For Windows, .NET, and Visual Studio, upgrade to the patched versions.
At the moment, there is no information about a newer version that contains a fix for this vulnerability; the available options are upgrading to the patched versions or disabling MsQuic functionality.
Fix
DoS
NULL Pointer Dereference
Resource Exhaustion
RCE
Related Identifiers
Affected Products
.Net Framework
Alt Linux
Quic
Visual Studio
Windows