RHSA-2022:6523: Red Hat Security Advisory: .NET Core 3.1 security and bugfix update

An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-38013: dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.
Red Hat Security Data

Synopsis

Moderate: .NET Core 3.1 security and bugfix update

Type/Severity

Security Advisory: Moderate

Topic

An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.423 and .NET Runtime 3.1.29.

Security Fix(es):

  • dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion. (CVE-2022-38013)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
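A host-side check for the fix described above, added here as an example and not taken from Red Hat's advisory: it reads `dotnet --list-runtimes` output and reports shared runtimes older than the fixed builds named on this page (3.1.29 here, 6.0.9 in the related .NET 6.0 advisories). The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Red Hat's or Microsoft's code). Thresholds come from the
# advisories on this page: runtime 3.1.29 for the 3.1 line, 6.0.9 for 6.0.

# fixed_for LINE: print the first fixed runtime version for a release line.
fixed_for() {
  case "$1" in
    3.1) echo "3.1.29" ;;
    6.0) echo "6.0.9" ;;
    *)   return 1 ;;   # release line not covered by these advisories
  esac
}

# version_lt A B: succeed when A is strictly older than B. sort -V compares
# numerically per component, so 3.1.9 < 3.1.29 (a string compare gets this wrong).
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_runtimes: read `dotnet --list-runtimes` output on stdin and print one
# OUTDATED line for every shared runtime older than the fixed build.
audit_runtimes() {
  while read -r name ver rest; do
    case "$name" in
      Microsoft.NETCore.App|Microsoft.AspNetCore.App) ;;
      *) continue ;;   # blank lines and other frameworks are skipped
    esac
    line=$(printf '%s' "$ver" | cut -d. -f1,2)      # 3.1.28 -> 3.1
    fixed=$(fixed_for "$line") || continue
    if version_lt "$ver" "$fixed"; then
      printf 'OUTDATED %s %s (fixed in %s)\n' "$name" "$ver" "$fixed"
    fi
  done
  return 0
}

# Constructed sample of `dotnet --list-runtimes` output (not from a real host).
sample_runtimes() {
  cat <<'EOF'
Microsoft.AspNetCore.App 3.1.28 [/usr/lib64/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 6.0.9 [/usr/lib64/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 3.1.9 [/usr/lib64/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 3.1.29 [/usr/lib64/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 6.0.8 [/usr/lib64/dotnet/shared/Microsoft.NETCore.App]
EOF
}

sample_runtimes | audit_runtimes
# On a real host: dotnet --list-runtimes | audit_runtimes
```

Empty output means every listed 3.1 and 6.0 shared runtime is at or above the fixed build.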

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64

Fixes

  • BZ - 2125124 - CVE-2022-38013 dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.

Red Hat Enterprise Linux for x86_64 8

SRPM

dotnet3.1-3.1.423-1.el8_6.src.rpm

SHA-256: b515754a9238dd361e00e1b59b99c3c0865680933ce47f89e1e3ee7fcacefd2d

x86_64

aspnetcore-runtime-3.1-3.1.29-1.el8_6.x86_64.rpm

SHA-256: 2d5e32b25b14295c3c714ef4b54b4598bf7270840f7d738277eac6c5d5b1b311

aspnetcore-targeting-pack-3.1-3.1.29-1.el8_6.x86_64.rpm

SHA-256: 77fe5b5e4c5b8de79b3878ced89c29ad5db5c58ac7235416d0b0419904fdd09a

dotnet-apphost-pack-3.1-3.1.29-1.el8_6.x86_64.rpm

SHA-256: 32fe0eaf1c8db8b080bf388ab3dc3e416cedd575e4607ff9d8dd430c5c3426cf

dotnet-apphost-pack-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm

SHA-256: c2f7a2eb7b80316227e0a41b72129b0ce16fd8c4e5e40b6993ced323aa30b830

dotnet-hostfxr-3.1-3.1.29-1.el8_6.x86_64.rpm

SHA-256: 265e16e029a6fcbe4bca830683d63afd447ff9d34d0aad2fa6f4f8a7678330eb

dotnet-hostfxr-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm

SHA-256: c702c469bf114363bbce3837efc2420f99c12793abd26172850fd11985df518c

dotnet-runtime-3.1-3.1.29-1.el8_6.x86_64.rpm

SHA-256: 1eafa6e2441e6bd6b7b3f9c291c449fdbe15fd287b52ade478e2de0e1a54be33

dotnet-runtime-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm

SHA-256: a734b30465de8285fff83230369a125d13ee2b07370761866b13ad99e47cfe6d

dotnet-sdk-3.1-3.1.423-1.el8_6.x86_64.rpm

SHA-256: 75c4d56021ae7933c6d6c6e78bfc64cfcce4001e9f61e240afc2dabfe5eeea6d

dotnet-sdk-3.1-debuginfo-3.1.423-1.el8_6.x86_64.rpm

SHA-256: a9b2be321681ffd443381f6a987dbc3506fe0416774f2a681e3af9ce8abf85da

dotnet-targeting-pack-3.1-3.1.29-1.el8_6.x86_64.rpm

SHA-256: 0a039dfeb12222f1559de2cf3eaec53c4c9dea2fe47cfd135ee1e4ca235e52b3

dotnet-templates-3.1-3.1.423-1.el8_6.x86_64.rpm

SHA-256: e839fc3df9e8560f3bf3cf6fb56d608223ce0e855cdf53098bb722881f852d19

dotnet3.1-debuginfo-3.1.423-1.el8_6.x86_64.rpm

SHA-256: 6018e8c5d953accb362fcdbf0680917f3a93cac99a70524c838f7cbee0a27b31

dotnet3.1-debugsource-3.1.423-1.el8_6.x86_64.rpm

SHA-256: 77145ece80ccc417a311ed52851f7b396ad58a482f528e851ae985dc61082340

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

Red Hat Enterprise Linux Server - AUS 8.6

Red Hat Enterprise Linux Server - TUS 8.6

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

The SRPM and x86_64 packages for these four products are identical, file names and SHA-256 checksums included, to those listed above for Red Hat Enterprise Linux for x86_64 8.

Red Hat CodeReady Linux Builder for x86_64 8

SRPM

x86_64

dotnet-apphost-pack-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm

SHA-256: c2f7a2eb7b80316227e0a41b72129b0ce16fd8c4e5e40b6993ced323aa30b830

dotnet-hostfxr-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm

SHA-256: c702c469bf114363bbce3837efc2420f99c12793abd26172850fd11985df518c

dotnet-runtime-3.1-debuginfo-3.1.29-1.el8_6.x86_64.rpm

SHA-256: a734b30465de8285fff83230369a125d13ee2b07370761866b13ad99e47cfe6d

dotnet-sdk-3.1-debuginfo-3.1.423-1.el8_6.x86_64.rpm

SHA-256: a9b2be321681ffd443381f6a987dbc3506fe0416774f2a681e3af9ce8abf85da

dotnet-sdk-3.1-source-built-artifacts-3.1.423-1.el8_6.x86_64.rpm

SHA-256: 896f74a5100585110b9e2c46e22891987e9c7cac2aa63e47839429b42ea24b04

dotnet3.1-debuginfo-3.1.423-1.el8_6.x86_64.rpm

SHA-256: 6018e8c5d953accb362fcdbf0680917f3a93cac99a70524c838f7cbee0a27b31

dotnet3.1-debugsource-3.1.423-1.el8_6.x86_64.rpm

SHA-256: 77145ece80ccc417a311ed52851f7b396ad58a482f528e851ae985dc61082340

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6

The x86_64 packages for this product are identical, file names and SHA-256 checksums included, to those listed above for Red Hat CodeReady Linux Builder for x86_64 8.

Related news

Red Hat Security Advisory 2022-6539-01

Red Hat Security Advisory 2022-6539-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.109 and .NET Runtime 6.0.9.

Red Hat Security Advisory 2022-6522-01

Red Hat Security Advisory 2022-6522-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.423 and .NET Runtime 3.1.29.

Red Hat Security Advisory 2022-6520-01

Red Hat Security Advisory 2022-6520-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.109 and .NET Runtime 6.0.9.

Red Hat Security Advisory 2022-6523-01

Red Hat Security Advisory 2022-6523-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.423 and .NET Runtime 3.1.29.

Red Hat Security Advisory 2022-6521-01

Red Hat Security Advisory 2022-6521-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.109 and Runtime 6.0.9.

RHSA-2022:6539: Red Hat Security Advisory: .NET 6.0 security and bugfix update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-38013: dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.

GHSA-r8m2-4x37-6592: .NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in ASP.NET Core 3.1 and .NET 6.0 where a malicious client could cause a stack overflow which may result in a denial of service attack when an attacker sends a customized payload that is parsed during model binding.

Affected software

  • Any .NET 6.0 application running on .NET 6.0.8 or earlier.
  • Any ASP.NET Core 3.1 application running on .NET Core 3.1.28 or earlier.

If your application uses the following package versions, ensure you update to the latest version of .NET.

.NET Core 3.1

Package name | Affected version | Patched version
[Microsoft.AspNetCore.App.Runtime.linux-arm]...

Ubuntu Security Notice USN-5609-1

Ubuntu Security Notice 5609-1 - Graham Esau discovered that .NET 6 incorrectly parsed certain payloads during model binding. An attacker could possibly use this issue to cause a denial of service.

RHSA-2022:6521: Red Hat Security Advisory: .NET 6.0 security and bugfix update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-38013: dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.

RHSA-2022:6520: Red Hat Security Advisory: .NET 6.0 on RHEL 7 security and bugfix update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-38013: dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.

RHSA-2022:6522: Red Hat Security Advisory: .NET Core 3.1 on RHEL 7 security and bugfix update

An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-38013: dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.

CVE-2022-38013

.NET Core and Visual Studio Denial of Service Vulnerability.