CVE-2024-30046: Visual Studio Denial of Service Vulnerability

Overview

Severity

Medium (CVSS 5.9)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

Category

Denial of Service

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Publicly Disclosed

Yes

Patch Tuesday

2024-May

Released

2024-05-14

Last Updated

2024-05-15

EPSS Score

0.18% (percentile: 39.6%)

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.

Affected Products (6)

Developer Tools

• .NET 7.0
• .NET 8.0
• Microsoft Visual Studio 2022 version 17.9
• Microsoft Visual Studio 2022 version 17.4
• Microsoft Visual Studio 2022 version 17.6
• Microsoft Visual Studio 2022 version 17.8

Security Updates (6)

• 5038351
• 5038352
• Release Notes
• Release Notes
• Release Notes
• Release Notes

Revision History

• 2024-05-14: Information published.
• 2024-05-15: The following corrctions have been made: 1) Revised the Security Updates table to include .NET 7.0 and .NET 8.0 because these versions of .NET are affected by this vulnerability. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. 2) Updated title to include .NET. This is an informational change only.