Microsoft Security Advisory CVE-2023-38180: .NET Denial of Service Vulnerability
Date: 16-Aug-23
Severity: Medium
Affected software
- Any .NET 7.0 application running on .NET 7.0.8 or earlier.
- Any .NET 6.0 application running on .NET 6.0.19 or earlier.
Description
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1, .NET 6.0, and .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A vulnerability exists in Kestrel where, on detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service.
Solution
Apply workarounds at
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180
Original Advisory
Microsoft:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180
NOTE: The information is provided on an “as is” basis, without assurance of any kind.