{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36799", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2023-06-27T15:11:59.874Z", "datePublished": "2023-09-12T16:58:38.681Z", "dateUpdated": "2024-08-02T17:01:09.676Z"}, "containers": {"cna": {"title": ".NET Core and Visual Studio Denial of Service Vulnerability", "datePublic": "2023-09-12T07:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": ".NET 6.0", "cpes": ["cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "6.0.0", "lessThan": "6.0.24", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET 7.0", "cpes": ["cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "7.0.0", "lessThan": "7.0.13", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.2", "cpes": ["cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "17.2.0", "lessThan": "17.2.21", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.4", "cpes": ["cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "17.4.0", "lessThan": "17.4.13", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.7", "cpes": ["cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "17.7.0", "lessThan": "17.6.9", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.6", "cpes": ["cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "17.6.0", "lessThan": "17.6.9", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "PowerShell 7.2", "cpes": ["cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "7.2.0", "lessThan": "7.2.14", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "PowerShell 7.3", "cpes": ["cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "7.3.0", "lessThan": "7.2.14", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": ".NET Core and Visual Studio Denial of Service Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en-US", "type": "CWE", "cweId": "CWE-400"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-05-29T02:41:10.655Z"}, "references": [{"name": ".NET Core and Visual Studio Denial of Service Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36799"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-36799", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-29T16:23:47.132893Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:25:46.976Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:01:09.676Z"}, "title": "CVE Program Container", "references": [{"name": ".NET Core and Visual Studio Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_transferred"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36799"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36799", "name": ".NET Core and Visual Studio Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:01:09.676Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-36799", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-29T16:23:47.132893Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-29T16:24:06.451Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": ".NET Core and Visual Studio Denial of Service Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": ".NET 6.0", "versions": [{"status": "affected", "version": "6.0.0", "lessThan": "6.0.24", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": ".NET 7.0", "versions": [{"status": "affected", "version": "7.0.0", "lessThan": "7.0.13", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.2", "versions": [{"status": "affected", "version": "17.2.0", "lessThan": "17.2.21", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.4", "versions": [{"status": "affected", "version": "17.4.0", "lessThan": "17.4.13", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.7", "versions": [{"status": "affected", "version": "17.7.0", "lessThan": "17.6.9", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.6", "versions": [{"status": "affected", "version": "17.6.0", "lessThan": "17.6.9", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "PowerShell 7.2", "versions": [{"status": "affected", "version": "7.2.0", "lessThan": "7.2.14", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "PowerShell 7.3", "versions": [{"status": "affected", "version": "7.3.0", "lessThan": "7.2.14", "versionType": "custom"}], "platforms": ["Unknown"]}], "datePublic": "2023-09-12T07:00:00+00:00", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36799", "name": ".NET Core and Visual Studio Denial of Service Vulnerability", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en-US", "value": ".NET Core and Visual Studio Denial of Service Vulnerability"}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-05-29T02:41:10.655Z"}}}, "cveMetadata": {"cveId": "CVE-2023-36799", "state": "PUBLISHED", "dateUpdated": "2024-08-02T17:01:09.676Z", "dateReserved": "2023-06-27T15:11:59.874Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2023-09-12T16:58:38.681Z", "assignerShortName": "microsoft"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "1DE0C8DD-9C73-4876-8193-068F18074B58", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4E2C6C0-FD91-40D9-B1A4-C1C348A156C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7698BEE-8540-4F0C-A500-1393055B88F4", "versionEndExcluding": "17.2.19", "versionStartIncluding": "17.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "8174DBE5-A4BB-4FA6-B921-B2E82B08DAC9", "versionEndExcluding": "17.4.11", "versionStartIncluding": "17.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "16BAD93C-DFE9-4F94-99DC-230195CCD62A", "versionEndExcluding": "17.6.7", "versionStartIncluding": "17.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8241557-9AD7-42D9-AF07-4C7C1A19AB53", "versionEndExcluding": "17.7.4", "versionStartIncluding": "17.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": ".NET Core and Visual Studio Denial of Service Vulnerability"}, {"lang": "es", "value": "Vulnerabilidad de Denegaci\u00f3n de Servicio en .NET Core y Visual Studio"}], "id": "CVE-2023-36799", "lastModified": "2024-05-29T03:16:02.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2023-09-12T17:15:15.253", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36799"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "secure@microsoft.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:5142", "cpe": "cpe:/a:redhat:rhel_dotnet:6.0::el7", "package": "rh-dotnet60-dotnet-0:6.0.122-1.el7_9", "product_name": ".NET Core on Red Hat Enterprise Linux", "release_date": "2023-09-13T00:00:00Z"}, {"advisory": "RHSA-2023:6249", "cpe": "cpe:/a:redhat:rhel_dotnet:6.0::el7", "package": "rh-dotnet60-dotnet-0:6.0.124-1.el7_9", "product_name": ".NET Core on Red Hat Enterprise Linux", "release_date": "2023-11-01T00:00:00Z"}, {"advisory": "RHSA-2023:5144", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet6.0-0:6.0.122-1.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-09-13T00:00:00Z"}, {"advisory": "RHSA-2023:5145", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet7.0-0:7.0.111-1.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-09-13T00:00:00Z"}, {"advisory": "RHSA-2023:6245", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet6.0-0:6.0.124-1.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-01T00:00:00Z"}, {"advisory": "RHSA-2023:6247", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet7.0-0:7.0.113-1.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-01T00:00:00Z"}, {"advisory": "RHSA-2023:5143", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "dotnet6.0-0:6.0.122-1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-09-13T00:00:00Z"}, {"advisory": "RHSA-2023:5146", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "dotnet7.0-0:7.0.111-1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-09-13T00:00:00Z"}, {"advisory": "RHSA-2023:6242", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "dotnet6.0-0:6.0.124-1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-01T00:00:00Z"}, {"advisory": "RHSA-2023:6246", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "dotnet7.0-0:7.0.113-1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-02T00:00:00Z"}], "bugzilla": {"description": "dotnet: Denial of Service with Client Certificates using .NET Kestrel", "id": "2237317", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237317"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": [".NET Core and Visual Studio Denial of Service Vulnerability", "A vulnerability was found in dotnet. This issue can lead to a denial of service when processing X.509 certificates."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-36799", "public_date": "2023-09-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-36799\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-36799\nhttps://devblogs.microsoft.com/dotnet/september-2023-updates/"], "threat_severity": "Moderate"}