INFSA-2022:2200: .NET 5.0 security update
Information about definition
Identificator: INFSA-2022:2200
Type: security
Release date: 2025-10-31 13:04:09 UTC
Information about package
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core Runtime 5.0.17.
Vulnerabilities description
- CVE-2022-23267
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient.
- CVE-2022-29117
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of a malicious client that can send MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on the server when it tries to read or delete that many chunks.
- CVE-2022-29145
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2022-23267
|
no information | 7.5 | no information |
|
NIST — CVE-2022-29117
|
no information | 7.5 | no information |
|
NIST — CVE-2022-29145
|
no information | 7.5 | no information |
Updated packages
Preparing to download...