CVE-2022-21911 - Vulnerability Details

.NET Framework Denial of Service Vulnerability

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.20804.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	.net Framework Windows 10 Windows 11 Windows 7 Windows 8.1 Windows Server Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019

Configuration 1 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:-::::::
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*

Configuration 2 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:-::::::
	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:4.6:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:-::::::
	cpe:2.3:a:microsoft:.net_framework:4.8:::::::*

cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*

Configuration 5 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:4.6:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*

Configuration 7 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:4.6:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

Configuration 8 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:4.6:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

Configuration 9 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:4.6:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*

Configuration 10 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:4.6:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:rt:*:*:*

Configuration 11 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:4.6:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:rt:*:*:*

Configuration 12 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:-::::::
	cpe:2.3:a:microsoft:.net_framework:4.8:::::::*

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*

Configuration 13 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*

Configuration 14 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:4.6:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*

Configuration 15 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

Configuration 17 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*

Configuration 18 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*

Configuration 19 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:-::::::
	cpe:2.3:a:microsoft:.net_framework:4.8:::::::*

cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*

Configuration 20 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:-::::::
	cpe:2.3:a:microsoft:.net_framework:4.8:::::::*

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*

Configuration 21 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*

Configuration 22 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:-::::::
	cpe:2.3:a:microsoft:.net_framework:4.8:::::::*

cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*

Configuration 23 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:-::::::
	cpe:2.3:a:microsoft:.net_framework:4.8:::::::*

cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*

Configuration 24 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:-::::::
	cpe:2.3:a:microsoft:.net_framework:4.8:::::::*

cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*

Configuration 25 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:-::::::
	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*

Configuration 26 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:-::::::
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:-::::::
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*

Configuration 28 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:4.6:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*

Configuration 29 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:-::::::
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*

Configuration 30 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:-::::::
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*

Configuration 31 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:-::::::
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*

Configuration 32 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x86:*

Configuration 34 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x64:*

Configuration 35 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:rt:*:*:*

Configuration 38 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*

Configuration 41 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x86:*

Configuration 42 [-]

AND

cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x86:*

Configuration 43 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:-::::::
	cpe:2.3:a:microsoft:.net_framework:4.6:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_8.1:-::::rt:::
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:-:::::::*

Configuration 45 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_8.1:-::::rt:::
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*

Configuration 46 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:4.6:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*

Configuration 48 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:-::::::
	cpe:2.3:a:microsoft:.net_framework:4.8:::::::*

OR	cpe:2.3:o:microsoft:windows_10:20h2::::::x86:
	cpe:2.3:o:microsoft:windows_10:21h1::::::arm64:
	cpe:2.3:o:microsoft:windows_10:21h1::::::x86:
	cpe:2.3:o:microsoft:windows_10:21h2::::::arm64:
	cpe:2.3:o:microsoft:windows_10:21h2::::::x86:
	cpe:2.3:o:microsoft:windows_11:-::::::x64:
	cpe:2.3:o:microsoft:windows_server:2022:::::::*

Configuration 49 [-]

AND

cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*

Configuration 50 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:-::::::
	cpe:2.3:a:microsoft:.net_framework:4.8:::::::*

OR	cpe:2.3:o:microsoft:windows_10:20h2::::::x64:
	cpe:2.3:o:microsoft:windows_server:20h2:::::::*
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*

Configuration 51 [-]

AND

OR	cpe:2.3:a:microsoft:.net_framework:4.6:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21911
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21911

History

Thu, 02 Jan 2025 18:30:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:microsoft:.net:2.0:sp2:::::: cpe:2.3:a:microsoft:.net:3.5.1:::::::* cpe:2.3:a:microsoft:.net:3.5:::::::* cpe:2.3:a:microsoft:.net:4.7.2:::::::* cpe:2.3:a:microsoft:.net:4.8:::::::* cpe:2.3:a:microsoft:.net_framework:3.5:::::::*
Vendors & Products	Microsoft .net

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21911

Thu, 14 Nov 2024 21:45:00 +0000

Type	Values Removed	Values Added
References	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21911

Thu, 14 Nov 2024 20:30:00 +0000

Type	Values Removed	Values Added
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21911

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2022-01-11T20:23:12

Updated: 2025-01-02T18:22:31.930Z

Reserved: 2021-12-14T00:00:00

Link: CVE-2022-21911

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-01-11T21:15:13.027

Modified: 2024-11-21T06:45:41.433

Link: CVE-2022-21911

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object