RHSA-2023:3580: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-24936: No description is available for this CVE.
  • CVE-2023-29331: No description is available for this CVE.
  • CVE-2023-29337: No description is available for this CVE.
  • CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability
Red Hat Security Data

Issued:

2023-06-14

Updated:

2023-06-14

RHSA-2023:3580 - Security Advisory

Synopsis

Important: .NET 6.0 security, bug fix, and enhancement update

Type/Severity

Security Advisory: Important

Topic

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18.

The following packages have been upgraded to a later upstream version: rh-dotnet60-dotnet (6.0.118). (BZ#2211715)

Security Fix(es):

  • dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331)
  • dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337)
  • dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128)
  • dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML (CVE-2023-24936)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • dotNET on RHEL (for RHEL Server) 1 x86_64
  • dotNET on RHEL (for RHEL Workstation) 1 x86_64
  • dotNET on RHEL (for RHEL Compute Node) 1 x86_64

Fixes

  • BZ - 2192438 - CVE-2023-24936 dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML
  • BZ - 2212617 - CVE-2023-29331 dotnet: .NET Kestrel: Denial of Service processing X509 Certificates
  • BZ - 2212618 - CVE-2023-33128 dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption
  • BZ - 2213703 - CVE-2023-29337 dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack

CVEs

  • CVE-2023-24936
  • CVE-2023-29331
  • CVE-2023-29337
  • CVE-2023-33128

dotNET on RHEL (for RHEL Server) 1

SRPM

rh-dotnet60-dotnet-6.0.118-1.el7_9.src.rpm

SHA-256: a8f0344766f83264797c3471fbf1cbd2e73f72a57d0969e44ebf482966e2e834

x86_64

rh-dotnet60-aspnetcore-runtime-6.0-6.0.18-1.el7_9.x86_64.rpm

SHA-256: 16830ac11afc0087c3a05fefce9fbda7154aa76ccf2881edb49115aecf775049

rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.18-1.el7_9.x86_64.rpm

SHA-256: 014f84b3bb1e3adb51b0dbcd2feade8ccc36562b22efc99a892e5b30796ae58c

rh-dotnet60-dotnet-6.0.118-1.el7_9.x86_64.rpm

SHA-256: 05f4db3dbe4c6a94946665aa5971a077fff5d7ccc750b7800c8ee7ee55f648e8

rh-dotnet60-dotnet-apphost-pack-6.0-6.0.18-1.el7_9.x86_64.rpm

SHA-256: c86adea7ac4865e5287920b07543d4943e8db88988216382b67938c06f983f0b

rh-dotnet60-dotnet-debuginfo-6.0.118-1.el7_9.x86_64.rpm

SHA-256: a1993ac54a72b69e0e5b7f894068c8833adf45c34f8369ece3c2c154c2638354

rh-dotnet60-dotnet-host-6.0.18-1.el7_9.x86_64.rpm

SHA-256: 4f92983bfe39d163e6a55667399403e375133f8729b8359651177ab4678535f6

rh-dotnet60-dotnet-hostfxr-6.0-6.0.18-1.el7_9.x86_64.rpm

SHA-256: 5acbedb5966bbf29360fb5990625f4deda09e6ec0cc1caf363af4b2caf6d6e3c

rh-dotnet60-dotnet-runtime-6.0-6.0.18-1.el7_9.x86_64.rpm

SHA-256: ee53c9ab7206b2d873be40d98bcfd72602fc82854133bb4533aff6ba1239ab8a

rh-dotnet60-dotnet-sdk-6.0-6.0.118-1.el7_9.x86_64.rpm

SHA-256: 20ef945250b73b223c00bc4eb3ebd575ca6e4cc3145a8dd285aec4ab29c23d17

rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.118-1.el7_9.x86_64.rpm

SHA-256: 4dd920340c8957f87e497c75679d71133f32d9a5e6448d2a3bec64f1c9918838

rh-dotnet60-dotnet-targeting-pack-6.0-6.0.18-1.el7_9.x86_64.rpm

SHA-256: ed2ea71b8f94f465364387a2c6b4eb6a6a148a9ca2b0b3acf2b184ff36f14594

rh-dotnet60-dotnet-templates-6.0-6.0.118-1.el7_9.x86_64.rpm

SHA-256: 2c3e6695abf43b59c22e3dabf9fee1bb386145ec2464946862ae94871a612aaa

rh-dotnet60-netstandard-targeting-pack-2.1-6.0.118-1.el7_9.x86_64.rpm

SHA-256: 6f82fddadaa5b45643d75daff90e4cc1235a52e80f4864fc81aa6c8aea04bdd1

dotNET on RHEL (for RHEL Workstation) 1

Same SRPM and x86_64 packages, with the same SHA-256 checksums, as listed for RHEL Server above.

dotNET on RHEL (for RHEL Compute Node) 1

Same SRPM and x86_64 packages, with the same SHA-256 checksums, as listed for RHEL Server above.

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2023-4449-01

Red Hat Security Advisory 2023-4449-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.120 and .NET Runtime 6.0.20. Issues addressed include code execution, denial of service, and heap corruption vulnerabilities.

Red Hat Security Advisory 2023-4448-01

Red Hat Security Advisory 2023-4448-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.120 and .NET Runtime 6.0.20. Issues addressed include code execution, denial of service, and heap corruption vulnerabilities.

RHSA-2023:4448: Red Hat Security Advisory: .NET 6.0 security update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-29331: A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates.
  • CVE-2023-29337: A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack.
  • CVE-2023-33128: A vulnerability was found in dotnet. This...

RHSA-2023:4449: Red Hat Security Advisory: .NET 6.0 security update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-29331: A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates.
  • CVE-2023-29337: A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack.
  • CVE-2023-33128: A vulnerability was found in dotnet. This...

Microsoft Patch Tuesday June 2023: Edge type confusion, Git RCE, OneNote Spoofing, PGM RCE, Exchange RCE, SharePoint EoP

Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. This time there […]

Ubuntu Security Notice USN-6161-2

Ubuntu Security Notice 6161-2 - USN-6161-1 fixed vulnerabilities in .NET. The update introduced a regression with regards to how the runtime imported X.509 certificates. This update fixes the problem. It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges.

GHSA-x469-cv7m-77r9: .NET Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2023-33128: .NET Remote Code Execution Vulnerability

Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET source generator for P/Invokes that can lead to generated code freeing uninitialized memory and crashing.

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/253

Mitigation factors: Microsoft has not identified any mitigating factors for this vulnerability.

Affected software:

  • Any .NET 7.0.1xx SDK 7.0.106 or earlier.
  • Any .NET 7.0.3xx SDK 7.0.303 or earlier.

If your application uses the following package versions, ensure you update to the latest version of .NET....

GHSA-555c-2p6r-68mm: .NET Denial of Service vulnerability

Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability

Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET when processing X.509 certificates that may result in Denial of Service. Details: KB5025823 (https://support.microsoft.com/kb/5025823)

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/257

Mitigation factors: Microsoft has not identified any mitigating factors for this vulnerability.

Affected software:

  • Any .NET 7.0 application running on .NET 7.0.5 or earlier.
  • Any .NET 6.0 application running on .NET 6.0.16 or earlier.

If your application uses ...

GHSA-jx7q-xxmw-44vf: .NET Elevation of Privilege Vulnerability

Microsoft Security Advisory CVE-2023-24936: .NET Elevation of Privilege Vulnerability

Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges.

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/259

Mitigation factors: The default configuration of DataSet and DataTable is not susceptible to this vulnerability. This vulnerability only exists if the app developer or machine admin extends the DataSet and DataTable default allow-list [as specified here](https://learn.microsoft.com/en-us/dotnet/framework/data/adonet/dataset-datatable-da...

GHSA-6qmf-mmc7-6c2p: NuGet Client Remote Code Execution Vulnerability

Description: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET and NuGet on Linux. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 7.0 and NuGet (nuget.exe, NuGet.Protocol, NuGet.Common, NuGet.CommandLine, NuGet.Commands, Microsoft.Build.NuGetSdkResolver, NuGet.PackageManagement) where a potential race condition can lead to a symlink attack on Linux. Non-Linux platforms are not affected.

Affected software: This issue only affects Linux systems.

NuGet & NuGet Packages:

  • Any NuGet.exe, NuGet.Protocol, NuGet.Common, NuGet.CommandLine, NuGet.Commands, Microsoft.Build.NuGetSdkResolver, NuGet.PackageManagement 6.6.0 version or earlier.
  • Any NuGet.exe, NuGet.Protocol, NuGet.Common, NuGet.CommandLine, NuGet.Commands, Microsoft.Build.NuGetSdkResolver, NuGet.PackageManagement 6.5.0 version or earlier.
  • Any NuGet.e...

CVE-2023-24936

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

CVE-2023-29337

NuGet Client Remote Code Execution Vulnerability

CVE-2023-29331

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

RHSA-2023:3582: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-24936: No description is available for this CVE.
  • CVE-2023-29331: No description is available for this CVE.
  • CVE-2023-29337: No description is available for this CVE.
  • CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability

Ubuntu Security Notice USN-6161-1

Ubuntu Security Notice 6161-1 - It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges. Kevin Jones discovered that .NET did not properly handle the AIA fetching process for X.509 client certificates. An attacker could possibly use this issue to cause a denial of service.

CVE-2023-33128

.NET and Visual Studio Remote Code Execution Vulnerability