.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00758.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Apple Subscribe
Macos Subscribe
Linux Subscribe
Linux Kernel Subscribe
Microsoft Subscribe
.net Subscribe
.net Framework Subscribe
Visual Studio 2022 Subscribe
Windows Subscribe
Windows 10 1507 Subscribe
Windows 10 1607 Subscribe
Windows 10 1809 Subscribe
Windows 10 21h2 Subscribe
Windows 10 22h2 Subscribe
Windows 11 21h2 Subscribe
Windows 11 22h2 Subscribe
Windows 11 23h2 Subscribe
Windows 11 24h2 Subscribe
Windows Server 2008 Subscribe
Windows Server 2012 Subscribe
Windows Server 2016 Subscribe
Windows Server 2019 Subscribe
Windows Server 2022 Subscribe
Windows Server 2022 23h2 Subscribe
Redhat Subscribe
Enterprise Linux Subscribe
Rhel Aus Subscribe
Rhel E4s Subscribe
Rhel Eus Subscribe
Rhel Tus Subscribe

Configuration 1 [-]

AND
OR cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_24h2:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:x64:*

Configuration 4 [-]

AND
cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND
OR cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

Configuration 7 [-]

AND
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*

Configuration 8 [-]

AND
OR cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

Configuration 9 [-]

AND
OR cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*

Configuration 11 [-]

AND
cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*

Configuration 12 [-]

AND
OR cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 13 [-]

OR cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
dotnet6.0-0:6.0.135-1.el8_10 cpe:/a:redhat:enterprise_linux:8 RHSA-2024:7851 2024-10-09T00:00:00Z
dotnet8.0-0:8.0.110-1.el8_10 cpe:/a:redhat:enterprise_linux:8 RHSA-2024:7868 2024-10-09T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
dotnet6.0-0:6.0.135-1.el8_6 cpe:/a:redhat:rhel_aus:8.6 RHSA-2024:8082 2024-10-14T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
dotnet6.0-0:6.0.135-1.el8_6 cpe:/a:redhat:rhel_tus:8.6 RHSA-2024:8082 2024-10-14T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
dotnet6.0-0:6.0.135-1.el8_6 cpe:/a:redhat:rhel_e4s:8.6 RHSA-2024:8082 2024-10-14T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
dotnet6.0-0:6.0.135-1.el8_8 cpe:/a:redhat:rhel_eus:8.8 RHSA-2024:8036 2024-10-14T00:00:00Z
Red Hat Enterprise Linux 9
dotnet6.0-0:6.0.135-1.el9_4 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:7867 2024-10-09T00:00:00Z
dotnet8.0-0:8.0.110-1.el9_4 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:7869 2024-10-09T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
dotnet6.0-0:6.0.135-1.el9_0 cpe:/a:redhat:rhel_e4s:9.0 RHSA-2024:8048 2024-10-14T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
dotnet6.0-0:6.0.135-1.el9_2 cpe:/a:redhat:rhel_eus:9.2 RHSA-2024:8047 2024-10-14T00:00:00Z

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-3115 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Github GHSA Github GHSA GHSA-qj66-m88j-hmgj Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability
Ubuntu USN Ubuntu USN USN-7058-1 .NET vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43483 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-43483 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-43483 cve-icon
History

Wed, 11 Dec 2024 04:00:00 +0900

Type Values Removed Values Added
CPEs cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:powershell:7.4:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Vendors & Products Microsoft powershell
Microsoft visual Studio

Thu, 24 Oct 2024 08:15:00 +0900

Type Values Removed Values Added
First Time appeared Microsoft powershell
CPEs cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:powershell:7.4:-:*:*:*:*:*:*
Vendors & Products Microsoft powershell

Tue, 22 Oct 2024 03:00:00 +0900

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft visual Studio 2022
Microsoft windows
Microsoft windows 10 1507
Microsoft windows 10 1607
Microsoft windows 10 1809
Microsoft windows 10 21h2
Microsoft windows 10 22h2
Microsoft windows 11 21h2
Microsoft windows 11 22h2
Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows Server 2008
Microsoft windows Server 2012
Microsoft windows Server 2016
Microsoft windows Server 2019
Microsoft windows Server 2022
Microsoft windows Server 2022 23h2
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_24h2:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft visual Studio 2022
Microsoft windows
Microsoft windows 10 1507
Microsoft windows 10 1607
Microsoft windows 10 1809
Microsoft windows 10 21h2
Microsoft windows 10 22h2
Microsoft windows 11 21h2
Microsoft windows 11 22h2
Microsoft windows 11 23h2
Microsoft windows 11 24h2
Microsoft windows Server 2008
Microsoft windows Server 2012
Microsoft windows Server 2016
Microsoft windows Server 2019
Microsoft windows Server 2022
Microsoft windows Server 2022 23h2

Wed, 16 Oct 2024 11:30:00 +0900

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_tus:8.6
Vendors & Products Redhat rhel Aus
Redhat rhel Tus

Tue, 15 Oct 2024 11:30:00 +0900

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
Vendors & Products Redhat rhel E4s
Redhat rhel Eus

Thu, 10 Oct 2024 11:30:00 +0900

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

Thu, 10 Oct 2024 05:15:00 +0900

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 09 Oct 2024 22:30:00 +0900

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Wed, 09 Oct 2024 02:45:00 +0900

Type Values Removed Values Added
Description .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Title .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
First Time appeared Microsoft
Microsoft .net
Microsoft .net Framework
Microsoft visual Studio
Weaknesses CWE-407
CPEs cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft .net
Microsoft .net Framework
Microsoft visual Studio
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2025-07-08T15:39:00.331Z

Reserved: 2024-08-14T01:08:33.518Z

Link: CVE-2024-43483

cve-icon Vulnrichment

Updated: 2024-10-08T18:54:50.587Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-08T18:15:10.367

Modified: 2024-10-21T17:35:34.827

Link: CVE-2024-43483

cve-icon Redhat

Severity : Important

Publid Date: 2024-10-08T00:00:00Z

Links: CVE-2024-43483 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses