PT-2025-36469 · Microsoft · .Net 9.0.0 +5

Published: 2025-09-08 · Updated: 2025-09-08

CVE-2025-36855

CVSS v3.1: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

.NET 6.0.0 through 6.0.36

.NET 8.0.0 through 8.0.11

.NET 9.0.0

Description:

A buffer over-read issue exists in DiaSymReader.dll. A buffer over-read occurs when a product reads from a buffer using buffer access mechanisms that reference memory locations after the targeted buffer. Self-contained applications targeting the impacted versions are affected and require recompilation and redeployment. The affected software components are End Of Life (EOL) and will not receive further updates or support.

Recommendations:

Recompile and redeploy self-contained applications targeting .NET 6.0.0 through 6.0.36.

Recompile and redeploy self-contained applications targeting .NET 8.0.0 through 8.0.11.

Recompile and redeploy self-contained applications targeting .NET 9.0.0.

Fix

RCE

Buffer Over-read

Weakness Enumeration

Related Identifiers

CVE-2025-36855

Affected Products

.Net 6.0.0
.Net 6.0.36
.Net 8.0.0
.Net 8.0.11
.Net 9.0.0
Diasymreader.Dll