INFSA-2024:7851: .NET 6.0 security update
Information about definition
Identifier: INFSA-2024:7851
Type: security
Release date: 2024-10-23 10:35:45 UTC
Information about package
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.135 and .NET Runtime 6.0.35.
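To check a host against the fixed versions named above, the following added example (not part of the advisory or of the .NET project) filters the output of `dotnet --list-runtimes` and `dotnet --list-sdks`. The function names and sample listings are constructed, and the usual one-entry-per-line layout of those two commands is assumed.

```shell
#!/bin/sh
# Fixed patch levels stated in this advisory.
FIXED_RUNTIME_PATCH=35    # .NET Runtime 6.0.35
FIXED_SDK_PATCH=135       # .NET SDK 6.0.135

# Reads `dotnet --list-runtimes` text on stdin. Prints every 6.0.x
# Microsoft.NETCore.App entry below the fixed patch level; returns 1 if any.
outdated_runtimes() {
    awk -v min="$FIXED_RUNTIME_PATCH" '
        # Assumed line layout: <framework> <version> [<install path>]
        $1 == "Microsoft.NETCore.App" && $2 ~ /^6\.0\.[0-9]+$/ {
            split($2, v, ".")
            if (v[3] + 0 < min) { print $1, $2; bad = 1 }
        }
        END { exit bad + 0 }'
}

# Reads `dotnet --list-sdks` text on stdin. Only the 6.0.1xx feature band is
# assessed, because 6.0.135 is the only SDK version the advisory names.
outdated_sdks() {
    awk -v min="$FIXED_SDK_PATCH" '
        # Assumed line layout: <version> [<install path>]
        $1 ~ /^6\.0\.[0-9]+$/ {
            split($1, v, ".")
            p = v[3] + 0
            if (p >= 100 && p < min) { print $1; bad = 1 }
        }
        END { exit bad + 0 }'
}

# Constructed sample listings (not taken from a real host).
SAMPLE_RUNTIMES='Microsoft.AspNetCore.App 6.0.33 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 6.0.33 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 6.0.35 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.10 [/usr/share/dotnet/shared/Microsoft.NETCore.App]'
SAMPLE_SDKS='6.0.133 [/usr/share/dotnet/sdk]
6.0.135 [/usr/share/dotnet/sdk]
8.0.403 [/usr/share/dotnet/sdk]'

# On a live host: dotnet --list-runtimes | outdated_runtimes
printf '%s\n' "$SAMPLE_RUNTIMES" | outdated_runtimes || echo "runtime below 6.0.$FIXED_RUNTIME_PATCH installed"
printf '%s\n' "$SAMPLE_SDKS" | outdated_sdks || echo "SDK below 6.0.$FIXED_SDK_PATCH installed"
```

An older runtime that remains installed side by side with 6.0.35 is still listed, so the check reports it until it is removed.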
Vulnerabilities description
- CVE-2024-43483
A flaw was found in dotnet. The System.Security.Cryptography.Cose, System.IO.Packaging and System.Runtime.Caching components may be exposed to hostile input, making them susceptible to hash flooding attacks, resulting in denial of service.
- CVE-2024-43484
A flaw was found in dotnet. The System.IO.Packaging library may allow untrusted inputs to influence algorithmically complex operations, resulting in a denial of service.
- CVE-2024-43485
A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an [ExtensionData] property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2024-43483 | no information | 7.5 | no information |
NIST — CVE-2024-43484 | no information | 7.5 | no information |
NIST — CVE-2024-43485 | no information | 7.5 | no information |
Updated packages