As per reports, Microsoft .NET core and Visual Studio were found with a Denial of Service, which can be exploited by threat actors. Microsoft has released patches to fix this vulnerability for both .NET and Visual Studio Products.
RedHat stated that this vulnerability allows a threat actor to bypass the QUIC stream limit in both ASP.NET and .NET runtimes in the HTTP version 3, which causes a Denial of Service vulnerability. RedHat has also released patches for this vulnerability.
This vulnerability has a low exploitability vector. However, this highly affects the availability of the CIA triad of Microsoft products.
Ubuntu Plugins
In addition to this, Tenable has released plugins to find this vulnerability through Nessus scans.
| ID | Name | Product | Family | Severity |
| 179502 | Ubuntu 23.04: .NET vulnerabilities (USN-6278-1) | Nessus | Ubuntu Local Security Checks | HIGH |
| 179584 | Ubuntu 23.04 : .NET vulnerabilities (USN-6278-1) | Nessus | Ubuntu Local Security Checks | HIGH |
API Security Fundamentals: How to Discover, Scan and Protect APIs
API Attacks Have Increased by 400% – Understand the Fundamentals of Protecting Your APIs with a Positive Security Model – Register Now for a Free Webinar
CVE-2023-38178: .NET Core and Visual Studio Denial of Service Vulnerability
This is a Denial of Service vulnerability that threat actors can exploit to make the service unavailable to ordinary users. The CVSS Score for this vulnerability was given as 7.5 (High). Microsoft has confirmed the confidence of this vulnerability.
Affected Products
Products that were affected due to this Denial of Service vulnerability include the following.
| Affected Products | Version |
| Microsoft Visual Studio 2022 | 17.4 |
| Microsoft Visual Studio 2022 | 17.2 |
| .NET | 6.0 |
Fixed in Version
Microsoft has released patches for the affected products as below.
| Product | Fixed in Version |
| Microsoft Visual Studio 2022 | 17.4.10 |
| Microsoft Visual Studio 2022 | 17.2.18 |
| .NET | 6.0.21 |
Users of these products are recommended to upgrade to the latest versions of these products to prevent threat actors from exploiting them.
Keep informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.
