Headline
RHSA-2022:6523: Red Hat Security Advisory: .NET Core 3.1 security and bugfix update
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-38013: dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.
Synopsis
Moderate: .NET Core 3.1 security and bugfix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.423 and .NET Runtime 3.1.29.
Security Fix(es):
- dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion. (CVE-2022-38013)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
- Red Hat CodeReady Linux Builder for x86_64 8 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
Fixes
- BZ - 2125124 - CVE-2022-38013 dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.
Red Hat Enterprise Linux for x86_64 8
SRPM
dotnet3.1-3.1.423-1.el8_6.src.rpm
SHA-256: b515754a9238dd361e00e1b59b99c3c0865680933ce47f89e1e3ee7fcacefd2d
x86_64
aspnetcore-runtime-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 2d5e32b25b14295c3c714ef4b54b4598bf7270840f7d738277eac6c5d5b1b311
aspnetcore-targeting-pack-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 77fe5b5e4c5b8de79b3878ced89c29ad5db5c58ac7235416d0b0419904fdd09a
dotnet-apphost-pack-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 32fe0eaf1c8db8b080bf388ab3dc3e416cedd575e4607ff9d8dd430c5c3426cf
dotnet-apphost-pack-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: c2f7a2eb7b80316227e0a41b72129b0ce16fd8c4e5e40b6993ced323aa30b830
dotnet-hostfxr-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 265e16e029a6fcbe4bca830683d63afd447ff9d34d0aad2fa6f4f8a7678330eb
dotnet-hostfxr-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: c702c469bf114363bbce3837efc2420f99c12793abd26172850fd11985df518c
dotnet-runtime-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 1eafa6e2441e6bd6b7b3f9c291c449fdbe15fd287b52ade478e2de0e1a54be33
dotnet-runtime-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: a734b30465de8285fff83230369a125d13ee2b07370761866b13ad99e47cfe6d
dotnet-sdk-3.1-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 75c4d56021ae7933c6d6c6e78bfc64cfcce4001e9f61e240afc2dabfe5eeea6d
dotnet-sdk-3.1-debuginfo-3.1.423-1.el8_6.x86_64.rpm
SHA-256: a9b2be321681ffd443381f6a987dbc3506fe0416774f2a681e3af9ce8abf85da
dotnet-targeting-pack-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 0a039dfeb12222f1559de2cf3eaec53c4c9dea2fe47cfd135ee1e4ca235e52b3
dotnet-templates-3.1-3.1.423-1.el8_6.x86_64.rpm
SHA-256: e839fc3df9e8560f3bf3cf6fb56d608223ce0e855cdf53098bb722881f852d19
dotnet3.1-debuginfo-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 6018e8c5d953accb362fcdbf0680917f3a93cac99a70524c838f7cbee0a27b31
dotnet3.1-debugsource-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 77145ece80ccc417a311ed52851f7b396ad58a482f528e851ae985dc61082340
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
dotnet3.1-3.1.423-1.el8_6.src.rpm
SHA-256: b515754a9238dd361e00e1b59b99c3c0865680933ce47f89e1e3ee7fcacefd2d
x86_64
aspnetcore-runtime-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 2d5e32b25b14295c3c714ef4b54b4598bf7270840f7d738277eac6c5d5b1b311
aspnetcore-targeting-pack-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 77fe5b5e4c5b8de79b3878ced89c29ad5db5c58ac7235416d0b0419904fdd09a
dotnet-apphost-pack-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 32fe0eaf1c8db8b080bf388ab3dc3e416cedd575e4607ff9d8dd430c5c3426cf
dotnet-apphost-pack-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: c2f7a2eb7b80316227e0a41b72129b0ce16fd8c4e5e40b6993ced323aa30b830
dotnet-hostfxr-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 265e16e029a6fcbe4bca830683d63afd447ff9d34d0aad2fa6f4f8a7678330eb
dotnet-hostfxr-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: c702c469bf114363bbce3837efc2420f99c12793abd26172850fd11985df518c
dotnet-runtime-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 1eafa6e2441e6bd6b7b3f9c291c449fdbe15fd287b52ade478e2de0e1a54be33
dotnet-runtime-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: a734b30465de8285fff83230369a125d13ee2b07370761866b13ad99e47cfe6d
dotnet-sdk-3.1-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 75c4d56021ae7933c6d6c6e78bfc64cfcce4001e9f61e240afc2dabfe5eeea6d
dotnet-sdk-3.1-debuginfo-3.1.423-1.el8_6.x86_64.rpm
SHA-256: a9b2be321681ffd443381f6a987dbc3506fe0416774f2a681e3af9ce8abf85da
dotnet-targeting-pack-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 0a039dfeb12222f1559de2cf3eaec53c4c9dea2fe47cfd135ee1e4ca235e52b3
dotnet-templates-3.1-3.1.423-1.el8_6.x86_64.rpm
SHA-256: e839fc3df9e8560f3bf3cf6fb56d608223ce0e855cdf53098bb722881f852d19
dotnet3.1-debuginfo-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 6018e8c5d953accb362fcdbf0680917f3a93cac99a70524c838f7cbee0a27b31
dotnet3.1-debugsource-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 77145ece80ccc417a311ed52851f7b396ad58a482f528e851ae985dc61082340
Red Hat Enterprise Linux Server - AUS 8.6
SRPM
dotnet3.1-3.1.423-1.el8_6.src.rpm
SHA-256: b515754a9238dd361e00e1b59b99c3c0865680933ce47f89e1e3ee7fcacefd2d
x86_64
aspnetcore-runtime-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 2d5e32b25b14295c3c714ef4b54b4598bf7270840f7d738277eac6c5d5b1b311
aspnetcore-targeting-pack-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 77fe5b5e4c5b8de79b3878ced89c29ad5db5c58ac7235416d0b0419904fdd09a
dotnet-apphost-pack-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 32fe0eaf1c8db8b080bf388ab3dc3e416cedd575e4607ff9d8dd430c5c3426cf
dotnet-apphost-pack-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: c2f7a2eb7b80316227e0a41b72129b0ce16fd8c4e5e40b6993ced323aa30b830
dotnet-hostfxr-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 265e16e029a6fcbe4bca830683d63afd447ff9d34d0aad2fa6f4f8a7678330eb
dotnet-hostfxr-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: c702c469bf114363bbce3837efc2420f99c12793abd26172850fd11985df518c
dotnet-runtime-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 1eafa6e2441e6bd6b7b3f9c291c449fdbe15fd287b52ade478e2de0e1a54be33
dotnet-runtime-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: a734b30465de8285fff83230369a125d13ee2b07370761866b13ad99e47cfe6d
dotnet-sdk-3.1-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 75c4d56021ae7933c6d6c6e78bfc64cfcce4001e9f61e240afc2dabfe5eeea6d
dotnet-sdk-3.1-debuginfo-3.1.423-1.el8_6.x86_64.rpm
SHA-256: a9b2be321681ffd443381f6a987dbc3506fe0416774f2a681e3af9ce8abf85da
dotnet-targeting-pack-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 0a039dfeb12222f1559de2cf3eaec53c4c9dea2fe47cfd135ee1e4ca235e52b3
dotnet-templates-3.1-3.1.423-1.el8_6.x86_64.rpm
SHA-256: e839fc3df9e8560f3bf3cf6fb56d608223ce0e855cdf53098bb722881f852d19
dotnet3.1-debuginfo-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 6018e8c5d953accb362fcdbf0680917f3a93cac99a70524c838f7cbee0a27b31
dotnet3.1-debugsource-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 77145ece80ccc417a311ed52851f7b396ad58a482f528e851ae985dc61082340
Red Hat Enterprise Linux Server - TUS 8.6
SRPM
dotnet3.1-3.1.423-1.el8_6.src.rpm
SHA-256: b515754a9238dd361e00e1b59b99c3c0865680933ce47f89e1e3ee7fcacefd2d
x86_64
aspnetcore-runtime-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 2d5e32b25b14295c3c714ef4b54b4598bf7270840f7d738277eac6c5d5b1b311
aspnetcore-targeting-pack-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 77fe5b5e4c5b8de79b3878ced89c29ad5db5c58ac7235416d0b0419904fdd09a
dotnet-apphost-pack-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 32fe0eaf1c8db8b080bf388ab3dc3e416cedd575e4607ff9d8dd430c5c3426cf
dotnet-apphost-pack-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: c2f7a2eb7b80316227e0a41b72129b0ce16fd8c4e5e40b6993ced323aa30b830
dotnet-hostfxr-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 265e16e029a6fcbe4bca830683d63afd447ff9d34d0aad2fa6f4f8a7678330eb
dotnet-hostfxr-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: c702c469bf114363bbce3837efc2420f99c12793abd26172850fd11985df518c
dotnet-runtime-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 1eafa6e2441e6bd6b7b3f9c291c449fdbe15fd287b52ade478e2de0e1a54be33
dotnet-runtime-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: a734b30465de8285fff83230369a125d13ee2b07370761866b13ad99e47cfe6d
dotnet-sdk-3.1-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 75c4d56021ae7933c6d6c6e78bfc64cfcce4001e9f61e240afc2dabfe5eeea6d
dotnet-sdk-3.1-debuginfo-3.1.423-1.el8_6.x86_64.rpm
SHA-256: a9b2be321681ffd443381f6a987dbc3506fe0416774f2a681e3af9ce8abf85da
dotnet-targeting-pack-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 0a039dfeb12222f1559de2cf3eaec53c4c9dea2fe47cfd135ee1e4ca235e52b3
dotnet-templates-3.1-3.1.423-1.el8_6.x86_64.rpm
SHA-256: e839fc3df9e8560f3bf3cf6fb56d608223ce0e855cdf53098bb722881f852d19
dotnet3.1-debuginfo-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 6018e8c5d953accb362fcdbf0680917f3a93cac99a70524c838f7cbee0a27b31
dotnet3.1-debugsource-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 77145ece80ccc417a311ed52851f7b396ad58a482f528e851ae985dc61082340
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM
dotnet3.1-3.1.423-1.el8_6.src.rpm
SHA-256: b515754a9238dd361e00e1b59b99c3c0865680933ce47f89e1e3ee7fcacefd2d
x86_64
aspnetcore-runtime-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 2d5e32b25b14295c3c714ef4b54b4598bf7270840f7d738277eac6c5d5b1b311
aspnetcore-targeting-pack-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 77fe5b5e4c5b8de79b3878ced89c29ad5db5c58ac7235416d0b0419904fdd09a
dotnet-apphost-pack-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 32fe0eaf1c8db8b080bf388ab3dc3e416cedd575e4607ff9d8dd430c5c3426cf
dotnet-apphost-pack-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: c2f7a2eb7b80316227e0a41b72129b0ce16fd8c4e5e40b6993ced323aa30b830
dotnet-hostfxr-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 265e16e029a6fcbe4bca830683d63afd447ff9d34d0aad2fa6f4f8a7678330eb
dotnet-hostfxr-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: c702c469bf114363bbce3837efc2420f99c12793abd26172850fd11985df518c
dotnet-runtime-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 1eafa6e2441e6bd6b7b3f9c291c449fdbe15fd287b52ade478e2de0e1a54be33
dotnet-runtime-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: a734b30465de8285fff83230369a125d13ee2b07370761866b13ad99e47cfe6d
dotnet-sdk-3.1-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 75c4d56021ae7933c6d6c6e78bfc64cfcce4001e9f61e240afc2dabfe5eeea6d
dotnet-sdk-3.1-debuginfo-3.1.423-1.el8_6.x86_64.rpm
SHA-256: a9b2be321681ffd443381f6a987dbc3506fe0416774f2a681e3af9ce8abf85da
dotnet-targeting-pack-3.1-3.1.29-1.el8_6.x86_64.rpm
SHA-256: 0a039dfeb12222f1559de2cf3eaec53c4c9dea2fe47cfd135ee1e4ca235e52b3
dotnet-templates-3.1-3.1.423-1.el8_6.x86_64.rpm
SHA-256: e839fc3df9e8560f3bf3cf6fb56d608223ce0e855cdf53098bb722881f852d19
dotnet3.1-debuginfo-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 6018e8c5d953accb362fcdbf0680917f3a93cac99a70524c838f7cbee0a27b31
dotnet3.1-debugsource-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 77145ece80ccc417a311ed52851f7b396ad58a482f528e851ae985dc61082340
Red Hat CodeReady Linux Builder for x86_64 8
SRPM
x86_64
dotnet-apphost-pack-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: c2f7a2eb7b80316227e0a41b72129b0ce16fd8c4e5e40b6993ced323aa30b830
dotnet-hostfxr-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: c702c469bf114363bbce3837efc2420f99c12793abd26172850fd11985df518c
dotnet-runtime-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: a734b30465de8285fff83230369a125d13ee2b07370761866b13ad99e47cfe6d
dotnet-sdk-3.1-debuginfo-3.1.423-1.el8_6.x86_64.rpm
SHA-256: a9b2be321681ffd443381f6a987dbc3506fe0416774f2a681e3af9ce8abf85da
dotnet-sdk-3.1-source-built-artifacts-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 896f74a5100585110b9e2c46e22891987e9c7cac2aa63e47839429b42ea24b04
dotnet3.1-debuginfo-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 6018e8c5d953accb362fcdbf0680917f3a93cac99a70524c838f7cbee0a27b31
dotnet3.1-debugsource-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 77145ece80ccc417a311ed52851f7b396ad58a482f528e851ae985dc61082340
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6
SRPM
x86_64
dotnet-apphost-pack-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: c2f7a2eb7b80316227e0a41b72129b0ce16fd8c4e5e40b6993ced323aa30b830
dotnet-hostfxr-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: c702c469bf114363bbce3837efc2420f99c12793abd26172850fd11985df518c
dotnet-runtime-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm
SHA-256: a734b30465de8285fff83230369a125d13ee2b07370761866b13ad99e47cfe6d
dotnet-sdk-3.1-debuginfo-3.1.423-1.el8_6.x86_64.rpm
SHA-256: a9b2be321681ffd443381f6a987dbc3506fe0416774f2a681e3af9ce8abf85da
dotnet-sdk-3.1-source-built-artifacts-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 896f74a5100585110b9e2c46e22891987e9c7cac2aa63e47839429b42ea24b04
dotnet3.1-debuginfo-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 6018e8c5d953accb362fcdbf0680917f3a93cac99a70524c838f7cbee0a27b31
dotnet3.1-debugsource-3.1.423-1.el8_6.x86_64.rpm
SHA-256: 77145ece80ccc417a311ed52851f7b396ad58a482f528e851ae985dc61082340
Related news
Red Hat Security Advisory 2022-6539-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.109 and .NET Runtime 6.0.9.
Red Hat Security Advisory 2022-6522-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.423 and .NET Runtime 3.1.29.
Red Hat Security Advisory 2022-6520-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.109 and .NET Runtime 6.0.9.
Red Hat Security Advisory 2022-6523-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.423 and .NET Runtime 3.1.29.
Red Hat Security Advisory 2022-6521-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.109 and Runtime 6.0.9.
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38013: dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in ASP.NET Core 3.1 and .NET 6.0 where a malicious client could cause a stack overflow which may result in a denial of service attack when an attacker sends a customized payload that is parsed during model binding. ## <a name="affected-software"></a>Affected software * Any .NET 6.0 application running on .NET 6.0.8 or earlier. * Any ASP.NET Core 3.1 application running on .NET Core 3.1.28 or earlier. If your application uses the following package versions, ensure you update to the latest version of .NET. ### <a name="ASP.NET Core 3.1"></a>.NET Core 3.1 Package name | Affected version | Patched version ------------ | ---------------- | ------------------------- [Microsoft.AspNetCore.App.Runtime.linux-arm]...
Ubuntu Security Notice 5609-1 - Graham Esau discovered that .NET 6 incorrectly parsed certain payloads during model binding. An attacker could possibly use this issue to cause a denial of service.
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38013: dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38013: dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38013: dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.
.NET Core and Visual Studio Denial of Service Vulnerability.