CVE-2022-23267: .NET and Visual Studio Denial of Service Vulnerability
Overview
- Severity
- High (CVSS 7.5)
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
- Category
- Denial of Service
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2022-May
- Released
- 2022-05-10
- Last Updated
- 2022-06-14
- EPSS Score
- 8.19% (percentile: 92.2%)
Affected Products (11)
Developer Tools
- .NET Core 3.1
- .NET 5.0
- Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
- Visual Studio 2019 for Mac version 8.10
- Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
- Microsoft Visual Studio 2022 version 17.0
- .NET 6.0
- Microsoft Visual Studio 2022 version 17.1
- PowerShell 7.0
- PowerShell 7.2
- Visual Studio 2022 for Mac version 17.0
Security Updates (10)
Revision History
- 2022-05-10: Information published.
- 2022-05-17: Revised the Security Updates table to include PowerShell 7.0 and PowerShell 7.2 because these versions of PowerShell 7 are affected by this vulnerability. See https://github.com/PowerShell/Announcements/issues/32 for more information. In addition the Security Updates table was updated to include Visual Studio 2019 version 16.11 as it is also affected by this vulnerability. Customers who have already installed the May 2022 security updates for Visual Studio 2019 version 16.11 do not need to take any further action.
- 2022-06-14: Revised the Security Updates table to include Visual Studio 2019 for Mac and Visual Studio 2022 for Mac because these versions of Visual Studio for Mac are affected by this vulnerability. Microsoft strongly recommends that customers running these versions of Visual Studio install the updates to be fully protected from the vulnerability.