Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU77235
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-29331
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in .NET, .NET Framework, and Visual Studio. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support: 8.6 - 8.6
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.6 - 8.6
Red Hat Enterprise Linux Server - TUS: 8.6 - 8.6
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.6 - 8.6
Red Hat Enterprise Linux Server - AUS: 8.6 - 8.6
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.6 - 8.6
dotnet6.0 (Red Hat package): before 6.0.120-1.el8_6
External links
http://access.redhat.com/errata/RHSA-2023:4448
EUVDB-ID: #VU77278
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-29337