CVE-2023-38180: .NET and Visual Studio Denial of Service Vulnerability

Overview

Severity

High (CVSS 7.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

Category

Denial of Service

Exploit Status

Actively Exploited

Exploitation Likelihood

Detected

Patch Tuesday

2023-Aug

Released

2023-08-08

Last Updated

2023-08-11

EPSS Score

0.88% (percentile: 75.4%)

CISA KEV

Listed — due 2023-08-30

Affected Products (6)

Developer Tools

• ASP.NET Core 2.1
• .NET 6.0
• .NET 7.0
• Microsoft Visual Studio 2022 version 17.2
• Microsoft Visual Studio 2022 version 17.4
• Microsoft Visual Studio 2022 version 17.6

Security Updates (6)

• Release Notes
• 5029688
• 5029689
• Release Notes
• Release Notes
• Release Notes

Revision History

• 2023-08-08: Information published.
• 2023-08-11: Updated CVE to correct exploit status. This is an informational update only.