Headline
RHSA-2023:4449: Red Hat Security Advisory: .NET 6.0 security update
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-29331: A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates.
- CVE-2023-29337: A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack.
- CVE-2023-33128: A vulnerability was found in dotnet. This issue may allow remote code execution via source generators that can lead to a crash due to unmanaged heap corruption.
- CVE-2023-33170: A vulnerability was found in dotNET applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords and bypass security restrictions. This flaw allows a remote attacker to bypass security features, causing an impact on confidentiality, integrity, and availability.
Synopsis
Important: .NET 6.0 security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.120 and .NET Runtime 6.0.20.
Security Fix(es):
- dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331)
- dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337)
- dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128)
- dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method (CVE-2023-33170)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2212617 - CVE-2023-29331 dotnet: .NET Kestrel: Denial of Service processing X509 Certificates
- BZ - 2212618 - CVE-2023-33128 dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption
- BZ - 2213703 - CVE-2023-29337 dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack
- BZ - 2221854 - CVE-2023-33170 dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method
CVEs
- CVE-2023-29331
- CVE-2023-29337
- CVE-2023-33128
- CVE-2023-33170
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
dotnet6.0-6.0.120-1.el9_0.src.rpm
SHA-256: 6327f073903f657cfa78f46c06bf2b9be43ed3c0e77bf61e1971e3875758412e
x86_64
aspnetcore-runtime-6.0-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 7cb0fcdc2844f7f033026b046f8bb7582a976cf75ddf892591e04b391ed65ed3
aspnetcore-targeting-pack-6.0-6.0.20-1.el9_0.x86_64.rpm
SHA-256: e1b5db4d7a4db42313f28e87ea0c545b389fe1c9dcd2ba15e40ba5f53dbc0b9b
dotnet-apphost-pack-6.0-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 05a911c1effc54effe4f37baf13befb34252c0469dd4cb21a5754af35f6ca3cf
dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_0.x86_64.rpm
SHA-256: d8ba4b524f6f538174d1dabed0a1997ffdb9ef5ff5ecd7d603f5fe171133c233
dotnet-host-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 0f8abd1135edb64d306dfa0318bf96bd1e60a13e089aba8c0092abfc3eb29eab
dotnet-host-debuginfo-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 91d7dbd393d65606309c79ee55101aba6996d5dc8328a6f8f67af5b6d39a7145
dotnet-hostfxr-6.0-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 71497e069621613dc7ef635bb9de45c8ef73d9361a59aef3b058c7a79c104890
dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 336beb3ff039aec806b18941130834fa3bbd06c3bcc81761220eb11d54976d2c
dotnet-runtime-6.0-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 68fcd00f1f408da6044ca462bdfd5314ee7174c39ff4458afbfe196355bc16f0
dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 4f3d27f1d99b84d16b0d62cc16e1f1ba8f5a6045692b86b19a22c49fae5ac4ee
dotnet-sdk-6.0-6.0.120-1.el9_0.x86_64.rpm
SHA-256: 89c97d648a5a7192aaf3fb952c83278dca08c910470e173c2bba3f9eff3ee5f6
dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_0.x86_64.rpm
SHA-256: 03af3b0b1b43e24e1f619dcbd9576ad831749067dc36c803a9b5b108635b414b
dotnet-targeting-pack-6.0-6.0.20-1.el9_0.x86_64.rpm
SHA-256: d4197bc1162280b05ea76264925dda3f5a8931d80786616a4e7aa0ffbc615292
dotnet-templates-6.0-6.0.120-1.el9_0.x86_64.rpm
SHA-256: bb4a6aa8ef9ae8026ba9d957a6e30c9b35e1aad043f985a0e0dc28c3e93c44a7
dotnet6.0-debuginfo-6.0.120-1.el9_0.x86_64.rpm
SHA-256: f0d3f512708fcd7d97688b4d9b265b93949019c7a9dde206283ee67c760f20e1
dotnet6.0-debugsource-6.0.120-1.el9_0.x86_64.rpm
SHA-256: c790f59c18098c2d1c62d5edde27d1ca919b393e622cdfb05e5831fa975a3ba5
netstandard-targeting-pack-2.1-6.0.120-1.el9_0.x86_64.rpm
SHA-256: 34e08d3e6a8a749e8ea0081cb7a0a85de10ceb83b4ec557a25b4fff27af91bdd
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
SRPM
dotnet6.0-6.0.120-1.el9_0.src.rpm
SHA-256: 6327f073903f657cfa78f46c06bf2b9be43ed3c0e77bf61e1971e3875758412e
s390x
aspnetcore-runtime-6.0-6.0.20-1.el9_0.s390x.rpm
SHA-256: 8fad060e0e98fd483923f59f46e4f1421c3eb1ed5302c0375748858245e5d8b3
aspnetcore-targeting-pack-6.0-6.0.20-1.el9_0.s390x.rpm
SHA-256: 0b4dde6d319688b30c40d37140581005bad5f4ea76a677cf72367cdae269e232
dotnet-apphost-pack-6.0-6.0.20-1.el9_0.s390x.rpm
SHA-256: 3e3989697eee7d6717a71e62f16ed7002ae0a14e6ff1de7c750f042ea77070e7
dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_0.s390x.rpm
SHA-256: c1875f7fb8a47100736fc5a5145f6b96cb70f9cc825cec0118b690e9ffe2b846
dotnet-host-6.0.20-1.el9_0.s390x.rpm
SHA-256: 8f26644e1e84e7b42d2d92a0d535a6a75ccfc487c3283fb0a7a5f6b115546b05
dotnet-host-debuginfo-6.0.20-1.el9_0.s390x.rpm
SHA-256: a9c742e2d0cda43f7e2fa1e4e7c8d0f24c4525c20735e69a49613941f1faa100
dotnet-hostfxr-6.0-6.0.20-1.el9_0.s390x.rpm
SHA-256: 3802fbd750738ff69b7e9abc225048e9c4b12510e94f803c44ea66e1e109d3e2
dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_0.s390x.rpm
SHA-256: 331d586a4f8eb31d4f24154744def1b7cf42c7eb34676a317ffc6e700a33c387
dotnet-runtime-6.0-6.0.20-1.el9_0.s390x.rpm
SHA-256: 7ae6c325d98a9068a4ad273484ee735fe065b276b2c80002933ad2606a22a585
dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_0.s390x.rpm
SHA-256: 96ae72641d36eaf8b80bbd30fd00ed01711733f63475be560c0eb03a5f2280e3
dotnet-sdk-6.0-6.0.120-1.el9_0.s390x.rpm
SHA-256: 34f2c3fa86840ebc2dcdb61d1b9c38e530a07f6846e9a39b7d80a640acf40e81
dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_0.s390x.rpm
SHA-256: 440bff9370b2069fe68cb01eacf314e0c75b96a3a39be8e8319f1bd74e27e607
dotnet-targeting-pack-6.0-6.0.20-1.el9_0.s390x.rpm
SHA-256: 61b42acdba7f334df4d5a6d5d5fab1ee1ec6b5d69b81422ec9a7bf6be86e1a3f
dotnet-templates-6.0-6.0.120-1.el9_0.s390x.rpm
SHA-256: 1b199711c677e0b74de172ed19ebcbd66d4b6e4b89a65f6f3c23bf5abf74fdb6
dotnet6.0-debuginfo-6.0.120-1.el9_0.s390x.rpm
SHA-256: 4d8e2da422463e7369ec6c207df95980438cc7e7116965b0c8546d8f9a78eb5a
dotnet6.0-debugsource-6.0.120-1.el9_0.s390x.rpm
SHA-256: e26d20eea85b55245642a379b65ebc3f8d7c691a33169ce27b348703842a9701
netstandard-targeting-pack-2.1-6.0.120-1.el9_0.s390x.rpm
SHA-256: 1d1a544aed6e6f99247dedeba3ccfcd013b7449d3886ac06018b7a35472d90c3
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
dotnet6.0-6.0.120-1.el9_0.src.rpm
SHA-256: 6327f073903f657cfa78f46c06bf2b9be43ed3c0e77bf61e1971e3875758412e
aarch64
aspnetcore-runtime-6.0-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 3e9fb05d77000a0bcabc306f15d61897a771ee29c82bdb607cdbac2c9214ad4e
aspnetcore-targeting-pack-6.0-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 7ae3b7a42260469a31afaed18519bbf73eb7251c646b804d7db9acf4d8fe65b2
dotnet-apphost-pack-6.0-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 451bafed0b7ed00078c3e5fb5c09ca0f0dd0475b40e21f9f4c82951da94da86c
dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 51bb2426b4104885143bb41a0eb6ce82c2e93971d29b62125d57aed940127015
dotnet-host-6.0.20-1.el9_0.aarch64.rpm
SHA-256: a78a9ce90e15673b262b17e699c86e82f6652e01c4b43474eb80fcdef9249bed
dotnet-host-debuginfo-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 385d8f02929b7ec34fedb03bc1ddcfbec29e655060ca18adee30126898e59a5a
dotnet-hostfxr-6.0-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 8b2003447efb842e9a47aeb96d4a737474f045f5413486326ff8b316e0d2f86c
dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_0.aarch64.rpm
SHA-256: ae98c1b0339624bbda5fea60d2d6607a83dd2fa3674cacac54670829ca7c2fd7
dotnet-runtime-6.0-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 69df296b56487fe09a1527b4993de7fe7d884bbdc62d5629c1126fff55f46255
dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 73cd56e6efae51cd288bfe39ac68ead31a37edc4dd06475e05822842067937de
dotnet-sdk-6.0-6.0.120-1.el9_0.aarch64.rpm
SHA-256: 689dec03399b85e53ec313471306385ace155ddee8ee23878da2227f5e019302
dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_0.aarch64.rpm
SHA-256: c1409f242b91c23bfabd9dc8c3e7a2b6102664ebb56921d379198ba12d11cd83
dotnet-targeting-pack-6.0-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 2be3aafcefa6cbe54565a83d2bc91ae0a1a35c19a358bbf6a898f261f0c6644b
dotnet-templates-6.0-6.0.120-1.el9_0.aarch64.rpm
SHA-256: 365f391ad96e3cfb62b9023c3f416a96e82b818677136ebf19f3329a2174e0c9
dotnet6.0-debuginfo-6.0.120-1.el9_0.aarch64.rpm
SHA-256: 5a8b87c55f4c48fcb638e137e2fc26bb854c5fb884a32843989c8df432c82de2
dotnet6.0-debugsource-6.0.120-1.el9_0.aarch64.rpm
SHA-256: e7e617b41b278648f7038b7d47dc433dffc82d47245bc6741406bb05e36017b2
netstandard-targeting-pack-2.1-6.0.120-1.el9_0.aarch64.rpm
SHA-256: 49dd1626ae2fa83fcb599c57c63ae21572bed7405d46f3becb38f9e6d8673b2c
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
dotnet6.0-6.0.120-1.el9_0.src.rpm
SHA-256: 6327f073903f657cfa78f46c06bf2b9be43ed3c0e77bf61e1971e3875758412e
x86_64
aspnetcore-runtime-6.0-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 7cb0fcdc2844f7f033026b046f8bb7582a976cf75ddf892591e04b391ed65ed3
aspnetcore-targeting-pack-6.0-6.0.20-1.el9_0.x86_64.rpm
SHA-256: e1b5db4d7a4db42313f28e87ea0c545b389fe1c9dcd2ba15e40ba5f53dbc0b9b
dotnet-apphost-pack-6.0-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 05a911c1effc54effe4f37baf13befb34252c0469dd4cb21a5754af35f6ca3cf
dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_0.x86_64.rpm
SHA-256: d8ba4b524f6f538174d1dabed0a1997ffdb9ef5ff5ecd7d603f5fe171133c233
dotnet-host-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 0f8abd1135edb64d306dfa0318bf96bd1e60a13e089aba8c0092abfc3eb29eab
dotnet-host-debuginfo-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 91d7dbd393d65606309c79ee55101aba6996d5dc8328a6f8f67af5b6d39a7145
dotnet-hostfxr-6.0-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 71497e069621613dc7ef635bb9de45c8ef73d9361a59aef3b058c7a79c104890
dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 336beb3ff039aec806b18941130834fa3bbd06c3bcc81761220eb11d54976d2c
dotnet-runtime-6.0-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 68fcd00f1f408da6044ca462bdfd5314ee7174c39ff4458afbfe196355bc16f0
dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 4f3d27f1d99b84d16b0d62cc16e1f1ba8f5a6045692b86b19a22c49fae5ac4ee
dotnet-sdk-6.0-6.0.120-1.el9_0.x86_64.rpm
SHA-256: 89c97d648a5a7192aaf3fb952c83278dca08c910470e173c2bba3f9eff3ee5f6
dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_0.x86_64.rpm
SHA-256: 03af3b0b1b43e24e1f619dcbd9576ad831749067dc36c803a9b5b108635b414b
dotnet-targeting-pack-6.0-6.0.20-1.el9_0.x86_64.rpm
SHA-256: d4197bc1162280b05ea76264925dda3f5a8931d80786616a4e7aa0ffbc615292
dotnet-templates-6.0-6.0.120-1.el9_0.x86_64.rpm
SHA-256: bb4a6aa8ef9ae8026ba9d957a6e30c9b35e1aad043f985a0e0dc28c3e93c44a7
dotnet6.0-debuginfo-6.0.120-1.el9_0.x86_64.rpm
SHA-256: f0d3f512708fcd7d97688b4d9b265b93949019c7a9dde206283ee67c760f20e1
dotnet6.0-debugsource-6.0.120-1.el9_0.x86_64.rpm
SHA-256: c790f59c18098c2d1c62d5edde27d1ca919b393e622cdfb05e5831fa975a3ba5
netstandard-targeting-pack-2.1-6.0.120-1.el9_0.x86_64.rpm
SHA-256: 34e08d3e6a8a749e8ea0081cb7a0a85de10ceb83b4ec557a25b4fff27af91bdd
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0
SRPM
x86_64
dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_0.x86_64.rpm
SHA-256: d8ba4b524f6f538174d1dabed0a1997ffdb9ef5ff5ecd7d603f5fe171133c233
dotnet-host-debuginfo-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 91d7dbd393d65606309c79ee55101aba6996d5dc8328a6f8f67af5b6d39a7145
dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 336beb3ff039aec806b18941130834fa3bbd06c3bcc81761220eb11d54976d2c
dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_0.x86_64.rpm
SHA-256: 4f3d27f1d99b84d16b0d62cc16e1f1ba8f5a6045692b86b19a22c49fae5ac4ee
dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_0.x86_64.rpm
SHA-256: 03af3b0b1b43e24e1f619dcbd9576ad831749067dc36c803a9b5b108635b414b
dotnet-sdk-6.0-source-built-artifacts-6.0.120-1.el9_0.x86_64.rpm
SHA-256: cbe107e22ed98aba90aa602c3bdf9d299be6dfc5d9795dc16dbfdc66ba2d6d72
dotnet6.0-debuginfo-6.0.120-1.el9_0.x86_64.rpm
SHA-256: f0d3f512708fcd7d97688b4d9b265b93949019c7a9dde206283ee67c760f20e1
dotnet6.0-debugsource-6.0.120-1.el9_0.x86_64.rpm
SHA-256: c790f59c18098c2d1c62d5edde27d1ca919b393e622cdfb05e5831fa975a3ba5
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0
SRPM
s390x
dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_0.s390x.rpm
SHA-256: c1875f7fb8a47100736fc5a5145f6b96cb70f9cc825cec0118b690e9ffe2b846
dotnet-host-debuginfo-6.0.20-1.el9_0.s390x.rpm
SHA-256: a9c742e2d0cda43f7e2fa1e4e7c8d0f24c4525c20735e69a49613941f1faa100
dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_0.s390x.rpm
SHA-256: 331d586a4f8eb31d4f24154744def1b7cf42c7eb34676a317ffc6e700a33c387
dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_0.s390x.rpm
SHA-256: 96ae72641d36eaf8b80bbd30fd00ed01711733f63475be560c0eb03a5f2280e3
dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_0.s390x.rpm
SHA-256: 440bff9370b2069fe68cb01eacf314e0c75b96a3a39be8e8319f1bd74e27e607
dotnet-sdk-6.0-source-built-artifacts-6.0.120-1.el9_0.s390x.rpm
SHA-256: 7895e4a4f647e66b6656806eb8b671ce5b5bcf085ef081ae358ffedd50a1eab8
dotnet6.0-debuginfo-6.0.120-1.el9_0.s390x.rpm
SHA-256: 4d8e2da422463e7369ec6c207df95980438cc7e7116965b0c8546d8f9a78eb5a
dotnet6.0-debugsource-6.0.120-1.el9_0.s390x.rpm
SHA-256: e26d20eea85b55245642a379b65ebc3f8d7c691a33169ce27b348703842a9701
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0
SRPM
aarch64
dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 51bb2426b4104885143bb41a0eb6ce82c2e93971d29b62125d57aed940127015
dotnet-host-debuginfo-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 385d8f02929b7ec34fedb03bc1ddcfbec29e655060ca18adee30126898e59a5a
dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_0.aarch64.rpm
SHA-256: ae98c1b0339624bbda5fea60d2d6607a83dd2fa3674cacac54670829ca7c2fd7
dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 73cd56e6efae51cd288bfe39ac68ead31a37edc4dd06475e05822842067937de
dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_0.aarch64.rpm
SHA-256: c1409f242b91c23bfabd9dc8c3e7a2b6102664ebb56921d379198ba12d11cd83
dotnet-sdk-6.0-source-built-artifacts-6.0.120-1.el9_0.aarch64.rpm
SHA-256: f80c43030ad16dcb2255f5e93f76f19f3eb367d96ae26f1ef526df767cfc2d7d
dotnet6.0-debuginfo-6.0.120-1.el9_0.aarch64.rpm
SHA-256: 5a8b87c55f4c48fcb638e137e2fc26bb854c5fb884a32843989c8df432c82de2
dotnet6.0-debugsource-6.0.120-1.el9_0.aarch64.rpm
SHA-256: e7e617b41b278648f7038b7d47dc433dffc82d47245bc6741406bb05e36017b2
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
SRPM
dotnet6.0-6.0.120-1.el9_0.src.rpm
SHA-256: 6327f073903f657cfa78f46c06bf2b9be43ed3c0e77bf61e1971e3875758412e
aarch64
aspnetcore-runtime-6.0-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 3e9fb05d77000a0bcabc306f15d61897a771ee29c82bdb607cdbac2c9214ad4e
aspnetcore-targeting-pack-6.0-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 7ae3b7a42260469a31afaed18519bbf73eb7251c646b804d7db9acf4d8fe65b2
dotnet-apphost-pack-6.0-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 451bafed0b7ed00078c3e5fb5c09ca0f0dd0475b40e21f9f4c82951da94da86c
dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 51bb2426b4104885143bb41a0eb6ce82c2e93971d29b62125d57aed940127015
dotnet-host-6.0.20-1.el9_0.aarch64.rpm
SHA-256: a78a9ce90e15673b262b17e699c86e82f6652e01c4b43474eb80fcdef9249bed
dotnet-host-debuginfo-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 385d8f02929b7ec34fedb03bc1ddcfbec29e655060ca18adee30126898e59a5a
dotnet-hostfxr-6.0-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 8b2003447efb842e9a47aeb96d4a737474f045f5413486326ff8b316e0d2f86c
dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_0.aarch64.rpm
SHA-256: ae98c1b0339624bbda5fea60d2d6607a83dd2fa3674cacac54670829ca7c2fd7
dotnet-runtime-6.0-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 69df296b56487fe09a1527b4993de7fe7d884bbdc62d5629c1126fff55f46255
dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 73cd56e6efae51cd288bfe39ac68ead31a37edc4dd06475e05822842067937de
dotnet-sdk-6.0-6.0.120-1.el9_0.aarch64.rpm
SHA-256: 689dec03399b85e53ec313471306385ace155ddee8ee23878da2227f5e019302
dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_0.aarch64.rpm
SHA-256: c1409f242b91c23bfabd9dc8c3e7a2b6102664ebb56921d379198ba12d11cd83
dotnet-targeting-pack-6.0-6.0.20-1.el9_0.aarch64.rpm
SHA-256: 2be3aafcefa6cbe54565a83d2bc91ae0a1a35c19a358bbf6a898f261f0c6644b
dotnet-templates-6.0-6.0.120-1.el9_0.aarch64.rpm
SHA-256: 365f391ad96e3cfb62b9023c3f416a96e82b818677136ebf19f3329a2174e0c9
dotnet6.0-debuginfo-6.0.120-1.el9_0.aarch64.rpm
SHA-256: 5a8b87c55f4c48fcb638e137e2fc26bb854c5fb884a32843989c8df432c82de2
dotnet6.0-debugsource-6.0.120-1.el9_0.aarch64.rpm
SHA-256: e7e617b41b278648f7038b7d47dc433dffc82d47245bc6741406bb05e36017b2
netstandard-targeting-pack-2.1-6.0.120-1.el9_0.aarch64.rpm
SHA-256: 49dd1626ae2fa83fcb599c57c63ae21572bed7405d46f3becb38f9e6d8673b2c
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0
SRPM
dotnet6.0-6.0.120-1.el9_0.src.rpm
SHA-256: 6327f073903f657cfa78f46c06bf2b9be43ed3c0e77bf61e1971e3875758412e
s390x
aspnetcore-runtime-6.0-6.0.20-1.el9_0.s390x.rpm
SHA-256: 8fad060e0e98fd483923f59f46e4f1421c3eb1ed5302c0375748858245e5d8b3
aspnetcore-targeting-pack-6.0-6.0.20-1.el9_0.s390x.rpm
SHA-256: 0b4dde6d319688b30c40d37140581005bad5f4ea76a677cf72367cdae269e232
dotnet-apphost-pack-6.0-6.0.20-1.el9_0.s390x.rpm
SHA-256: 3e3989697eee7d6717a71e62f16ed7002ae0a14e6ff1de7c750f042ea77070e7
dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_0.s390x.rpm
SHA-256: c1875f7fb8a47100736fc5a5145f6b96cb70f9cc825cec0118b690e9ffe2b846
dotnet-host-6.0.20-1.el9_0.s390x.rpm
SHA-256: 8f26644e1e84e7b42d2d92a0d535a6a75ccfc487c3283fb0a7a5f6b115546b05
dotnet-host-debuginfo-6.0.20-1.el9_0.s390x.rpm
SHA-256: a9c742e2d0cda43f7e2fa1e4e7c8d0f24c4525c20735e69a49613941f1faa100
dotnet-hostfxr-6.0-6.0.20-1.el9_0.s390x.rpm
SHA-256: 3802fbd750738ff69b7e9abc225048e9c4b12510e94f803c44ea66e1e109d3e2
dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_0.s390x.rpm
SHA-256: 331d586a4f8eb31d4f24154744def1b7cf42c7eb34676a317ffc6e700a33c387
dotnet-runtime-6.0-6.0.20-1.el9_0.s390x.rpm
SHA-256: 7ae6c325d98a9068a4ad273484ee735fe065b276b2c80002933ad2606a22a585
dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_0.s390x.rpm
SHA-256: 96ae72641d36eaf8b80bbd30fd00ed01711733f63475be560c0eb03a5f2280e3
dotnet-sdk-6.0-6.0.120-1.el9_0.s390x.rpm
SHA-256: 34f2c3fa86840ebc2dcdb61d1b9c38e530a07f6846e9a39b7d80a640acf40e81
dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_0.s390x.rpm
SHA-256: 440bff9370b2069fe68cb01eacf314e0c75b96a3a39be8e8319f1bd74e27e607
dotnet-targeting-pack-6.0-6.0.20-1.el9_0.s390x.rpm
SHA-256: 61b42acdba7f334df4d5a6d5d5fab1ee1ec6b5d69b81422ec9a7bf6be86e1a3f
dotnet-templates-6.0-6.0.120-1.el9_0.s390x.rpm
SHA-256: 1b199711c677e0b74de172ed19ebcbd66d4b6e4b89a65f6f3c23bf5abf74fdb6
dotnet6.0-debuginfo-6.0.120-1.el9_0.s390x.rpm
SHA-256: 4d8e2da422463e7369ec6c207df95980438cc7e7116965b0c8546d8f9a78eb5a
dotnet6.0-debugsource-6.0.120-1.el9_0.s390x.rpm
SHA-256: e26d20eea85b55245642a379b65ebc3f8d7c691a33169ce27b348703842a9701
netstandard-targeting-pack-2.1-6.0.120-1.el9_0.s390x.rpm
SHA-256: 1d1a544aed6e6f99247dedeba3ccfcd013b7449d3886ac06018b7a35472d90c3
Related news
Red Hat Security Advisory 2023-4449-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.120 and .NET Runtime 6.0.20. Issues addressed include code execution, denial of service, and heap corruption vulnerabilities.
Red Hat Security Advisory 2023-4448-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.120 and .NET Runtime 6.0.20. Issues addressed include code execution, denial of service, and heap corruption vulnerabilities.
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29331: A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates. * CVE-2023-29337: A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack. * CVE-2023-33128: A vulnerability was found in dotnet. This...
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29331: A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates. * CVE-2023-29337: A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack. * CVE-2023-33128: A vulnerability was found in dotnet. This...
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29331: A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates. * CVE-2023-29337: A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack. * CVE-2023-33128: A vulnerability was found in dotnet. This...
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29331: A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates. * CVE-2023-29337: A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack. * CVE-2023-33128: A vulnerability was found in dotnet. This...
Red Hat Security Advisory 2023-4058-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-33170: A vulnerability was found in dotNET applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords and bypass security restrictions. This flaw allows a remote attacker to bypass security features, causing an impact on confidentiality, integrity, and availability.
Ubuntu Security Notice 6217-1 - McKee-Harris, Matt Cotterell, and Jack Moran discovered that .NET did not properly update account lockout maximum failed attempts. An attacker could possibly use this issue to bypass the security feature and attempt to guess more passwords for an account.
# Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exist in ASP.NET Core applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords. ## Discussion Discussion for this issue can be found at https://github.com/dotnet/aspnetcore/issues/49334 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any ASP.NET 7.0 application running on .NET 7.0.8 or earlier. * Any ASP.NET 6.0 application running on .NET 6.0.19 or earlier. * Any ASP.N...
ASP.NET and Visual Studio Security Feature Bypass Vulnerability
**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.
Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. This time there […]
Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. This time there […]
Ubuntu Security Notice 6161-2 - USN-6161-1 fixed vulnerabilities in .NET. The update introduced a regression with regards to how the runtime imported X.509 certificates. This update fixes the problem. It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges.
Ubuntu Security Notice 6161-2 - USN-6161-1 fixed vulnerabilities in .NET. The update introduced a regression with regards to how the runtime imported X.509 certificates. This update fixes the problem. It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges.
Ubuntu Security Notice 6161-2 - USN-6161-1 fixed vulnerabilities in .NET. The update introduced a regression with regards to how the runtime imported X.509 certificates. This update fixes the problem. It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges.
# Microsoft Security Advisory CVE-2023-33128: .NET Remote Code Execution Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET source generator for P/Invokes that can lead to generated code freeing uninitialized memory and crashing. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/253 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 7.0.1xx SDK 7.0.106 or earlier. * Any .NET 7.0.3xx SDK 7.0.303 or earlier. If your application uses the following package versions, ensure you update to the latest version of .NET....
# Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET when processing X.509 certificates that may result in Denial of Service. Details: [KB5025823 ](https://support.microsoft.com/kb/5025823) ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/257 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 7.0 application running on .NET 7.0.5 or earlier. * Any .NET 6.0 application running on .NET 6.0.16 or earlier. If your application uses ...
### Description Microsoft is releasing this security advisory to provide information about a vulnerability in .NET and NuGet on Linux. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 7.0 and NuGet(nuget.exe, NuGet.Protocol, NuGet.Common, NuGet.CommandLine, NuGet.Commands, Microsoft.Build.NuGetSdkResolver, NuGet.PackageManagement) where a potential race condition that can lead to a symlink attack on Linux. Non-Linux platforms are not affected. ### Affected software This issue only affects Linux systems. #### NuGet & NuGet Packages - Any NuGet.exe, NuGet.Protocol, NuGet.Common, NuGet.CommandLine, NuGet.Commands, Microsoft.Build.NuGetSdkResolver, NuGet.PackageManagement 6.6.0 version or earlier. - Any NuGet.exe, NuGet.Protocol, NuGet.Common, NuGet.CommandLine, NuGet.Commands, Microsoft.Build.NuGetSdkResolver, NuGet.PackageManagement 6.5.0 version or earlier. - Any NuGet.e...
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24936: No description is available for this CVE. * CVE-2023-29331: No description is available for this CVE. * CVE-2023-29337: No description is available for this CVE. * CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24936: No description is available for this CVE. * CVE-2023-29331: No description is available for this CVE. * CVE-2023-29337: No description is available for this CVE. * CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24936: No description is available for this CVE. * CVE-2023-29331: No description is available for this CVE. * CVE-2023-29337: No description is available for this CVE. * CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24936: No description is available for this CVE. * CVE-2023-29331: No description is available for this CVE. * CVE-2023-29337: No description is available for this CVE. * CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24936: No description is available for this CVE. * CVE-2023-29331: No description is available for this CVE. * CVE-2023-29337: No description is available for this CVE. * CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24936: No description is available for this CVE. * CVE-2023-29331: No description is available for this CVE. * CVE-2023-29337: No description is available for this CVE. * CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability
Ubuntu Security Notice 6161-1 - It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges. Kevin Jones discovered that .NET did not properly handle the AIA fetching process for X.509 client certificates. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6161-1 - It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges. Kevin Jones discovered that .NET did not properly handle the AIA fetching process for X.509 client certificates. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6161-1 - It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges. Kevin Jones discovered that .NET did not properly handle the AIA fetching process for X.509 client certificates. An attacker could possibly use this issue to cause a denial of service.
.NET and Visual Studio Remote Code Execution Vulnerability