Threat Encyclopedia

RHSA-2022:4588-Security Advisory

description-logoDescription

.NET is a managed-software framework. It implements a subset of the .NETframework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are nowavailable. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime6.0.5. Security Fix(es): dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267) dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117) dotnet: parsing HTML causes Denial of Service (CVE-2022-29145) dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267) dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117) dotnet: parsing HTML causes Denial of Service (CVE-2022-29145) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): Update .NET 6.0 to SDK 6.0.104 and Runtime 6.0.4 (BZ#2080460) SolutionFor details on how to apply this update, which includes the changes described in this advisory, refer to:https://access.redhat.com/articles/11258

affected-products-logoAffected Applications

dotnet6.0

Telemetry logoTelemetry