As per reports, Microsoft .NET core and Visual Studio were found with a Denial of Service,which can be exploited by threat actors. Microsoft has released patches to fix this vulnerability for both .NET and Visual Studio Products.
RedHat stated that this vulnerability allows a threat actor to bypass the QUIC stream limit in both ASP.NET and .NET runtimes in the HTTP version 3, which causes a Denial of Service vulnerability. RedHat has also released patches for this vulnerability.
This vulnerability has a low exploitability vector. However, this highly affects the availability of the CIA triad of Microsoft products.
Ubuntu Plugins
In addition to this, Tenable has released plugins to find this vulnerability through Nessus scans.
ID Name Product Family Severity 179502Ubuntu 23.04: .NET vulnerabilities (USN-6278-1)NessusUbuntu Local Security ChecksHIGH179584Ubuntu 23.04 : .NET vulnerabilities (USN-6278-1)NessusUbuntu Local Security ChecksHIGH
Document
API Security Fundamentals: How to Discover, Scan and Protect APIs
CVE-2023-38178: .NET Core and Visual Studio Denial of Service Vulnerability
This is a Denial of Service vulnerability that threat actors can exploit to make the service unavailable to ordinary users. The CVSS Score for this vulnerability was given as 7.5 ( High ). Microsoft has confirmed the confidence of this vulnerability.
Affected Products
Products that were affected due to this Denial of Service vulnerability include the following.
Affected Products Version Microsoft Visual Studio 202217.4Microsoft Visual Studio 202217.2.NET6.0
Fixed in Version
Microsoft has released patches for the affected products as below.
Product Fixed in Version Microsoft Visual Studio 202217.4.10Microsoft Visual Studio 202217.2.18.NET6.0.21
Users of these products are recommended to upgrade to the latest versions of these products to prevent threat actors from exploiting them.
