INFSA-2024:7868: .NET 8.0 security update
Information about definition
Identificator: INFSA-2024:7868
Type: security
Release date: 2024-10-23 10:32:50 UTC
Information about package
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.110 and .NET Runtime 8.0.10.
Vulnerabilities description
- CVE-2024-38229
A flaw was found in dotnet. When closing an HTTP/3 stream while application code is writing to the response body, a race condition can cause a use-after-free.
- CVE-2024-43483
A flaw was found in dotnet. The System.Security.Cryptography.Cose, System.IO.Packaging and System.Runtime.Caching components may be exposed to hostile input, making them susceptible to hash flooding attacks, resulting in denial of service.
- CVE-2024-43484
A flaw was found in dotnet. The System.IO.Packaging library may allow untrusted inputs to influence algorithmically complex operations, resulting in a denial of service.
- CVE-2024-43485
A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an [ExtensionData] property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-38229
|
no information | 8.1 | no information |
|
NIST — CVE-2024-43483
|
no information | 7.5 | no information |
|
NIST — CVE-2024-43484
|
no information | 7.5 | no information |
|
NIST — CVE-2024-43485
|
no information | 7.5 | no information |
Updated packages