CVE-2024-43498 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43498
.NET and Visual Studio Remote Code Execution Vulnerability A type confusion vulnerability was found in .NET 9.0 Core in .NET that leads to AV in the .NET Core NrbfDecoder component. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498 https://access.redhat.com/security/cve/CVE-2024-43498 https://bugzilla.redhat.com/show_bug.cgi?id=2323239 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2024-43499 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43499
.NET and Visual Studio Denial of Service Vulnerability A vulnerability was found in .NET. Specifically .NET 9.0 Core - DoS - (unbounded work factor) in NrbfDecoder component • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43499 https://access.redhat.com/security/cve/CVE-2024-43499 https://bugzilla.redhat.com/show_bug.cgi?id=2323240 • CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) CWE-606: Unchecked Input for Loop Condition •
CVE-2024-43485 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43485
.NET and Visual Studio Denial of Service Vulnerability A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an [ExtensionData] property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43485 https://access.redhat.com/security/cve/CVE-2024-43485 https://bugzilla.redhat.com/show_bug.cgi?id=2315731 • CWE-407: Inefficient Algorithmic Complexity •
CVE-2024-43484 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43484
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability A flaw was found in dotnet. The System.IO.Packaging library may allow untrusted inputs to influence algorithmically complex operations, resulting in a denial of service. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43484 https://access.redhat.com/security/cve/CVE-2024-43484 https://bugzilla.redhat.com/show_bug.cgi?id=2315729 • CWE-407: Inefficient Algorithmic Complexity CWE-789: Memory Allocation with Excessive Size Value •
CVE-2024-43483 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43483
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability A flaw was found in dotnet. The System.Security.Cryptography.Cose, System.IO.Packaging and System.Runtime.Caching components may be exposed to hostile input, making them susceptible to hash flooding attacks, resulting in denial of service. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43483 https://access.redhat.com/security/cve/CVE-2024-43483 https://bugzilla.redhat.com/show_bug.cgi?id=2315730 • CWE-407: Inefficient Algorithmic Complexity •