PT-2025-36469 · Microsoft+1 · .Net 6.0.36+6
Published: 2025-01-14 · Updated: 2025-10-02
CVE-2025-36855
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
.NET 6.0.0 through 6.0.36
.NET 8.0.0 through 8.0.11
.NET 9.0.0
Description:
A buffer over-read issue exists in DiaSymReader.dll. This occurs when a product reads from a buffer using buffer access mechanisms that reference memory locations after the targeted buffer. This affects self-contained applications targeting the impacted versions, which require recompilation and redeployment. The affected software components are End Of Life (EOL) and will not receive further updates or support.
Recommendations:
Recompile and redeploy self-contained applications targeting .NET 6.0.0 through 6.0.36.
Recompile and redeploy self-contained applications targeting .NET 8.0.0 through 8.0.11.
Recompile and redeploy self-contained applications targeting .NET 9.0.0.
Fix
RCE
Buffer Over-read
Affected Products
.NET 6.0.0
.NET 6.0.36
.NET 8.0.0
.NET 8.0.11
.NET 9.0.0
DiaSymReader.dll
Red Os