SecuriTricks - CVE-2024-43499

Description

.NET and Visual Studio Denial of Service Vulnerability

Product(s) Impacted

Vendor	Product	Versions
Microsoft	.net Windows Visual Studio 2022	9.0.0 - *
Apple	Macos	-
Linux	Linux Kernel	-

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-409

Improper Handling of Highly Compressed Data (Data Amplification)

The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.

CWE-606

Unchecked Input for Loop Condition

The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	microsoft	.net	9.0.0	/	/	/	/	/	/	/
o	apple	macos	-	/	/	/	/	/	/	/
o	linux	linux_kernel	-	/	/	/	/	/	/	/
o	microsoft	windows	-	/	/	/	/	/	/	/
a	microsoft	visual_studio_2022	/	/	/	/	/	/	/	/
a	microsoft	visual_studio_2022	/	/	/	/	/	/	/	/
a	microsoft	visual_studio_2022	/	/	/	/	/	/	/	/
a	microsoft	visual_studio_2022	/	/	/	/	/	/	/	/

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43499

CVSS Score

7.5 / 10

CVSS Data

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

View Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Date

Published: Nov. 12, 2024, 6:15 p.m.
Last Modified: Nov. 19, 2024, 7:59 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secure@microsoft.com

CVE-2024-43499