CVE-2022-38013: .NET Core and Visual Studio Denial of Service Vulnerability

Overview

Severity: High (CVSS 7.5)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Category: Denial of Service
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2022-Sep
Released: 2022-09-13
EPSS Score: 1.13% (percentile: 78.3%)

Affected Products (8)

Developer Tools

Visual Studio 2022 for Mac version 17.3
Microsoft Visual Studio 2022 version 17.3
.NET Core 3.1
.NET 6.0
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
Microsoft Visual Studio 2022 version 17.0
Microsoft Visual Studio 2022 version 17.2

Security Updates (8)

Acknowledgments

Graham Esau with <a href="https://www.vonage.com/">Vonage</a>, Graham Esau with <a href="https://vonage.com/">Vonage</a>

Revision History

2022-09-13: Information published.