Search

Find a vulnerability

Search criteria

    152 vulnerabilities found for Microsoft Visual Studio 2022 version 17.6 by Microsoft

    CVE-2025-21178 (GCVE-0-2025-21178)

    Vulnerability from nvd – Published: 2025-01-14 18:04 – Updated: 2026-06-09 18:29
    VLAI
    Title
    Visual Studio Remote Code Execution Vulnerability
    Summary
    Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2025-01-14 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21178",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T04:55:34.330681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:20.630Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2015 Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.24252.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.69",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.43",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.10",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.4",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.22",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.17",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.69",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.43",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.22",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.17",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.10",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2015:*:update3:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.24252.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.4",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:29:05.178Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21178"
            }
          ],
          "title": "Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21178",
        "datePublished": "2025-01-14T18:04:01.376Z",
        "dateReserved": "2024-12-05T21:43:30.761Z",
        "dateUpdated": "2026-06-09T18:29:05.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-21176 (GCVE-0-2025-21176)

    Vulnerability from nvd – Published: 2025-01-14 18:04 – Updated: 2026-06-09 18:29
    VLAI
    Title
    .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
    Summary
    .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.12 (custom)
    Create a notification for this product.
    Microsoft .NET 9.0 Affected: 9.0.0 , < 9.0.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Affected: 3.0.0.0 , < 10.0.14393.7699 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.7.04126.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.04775.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.1.09294.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2 Affected: 4.7.0 , < 4.7.04126.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.04126.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6/4.6.2 Affected: 10.0.0.0 , < 10.0.10240.20890 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.04775.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2015 Update 3 Affected: 14.0.0 , < 14.0.24252.2 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Affected: 15.9.0 , < 15.9.69 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Affected: 16.11.0 , < 16.11.43 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.10 Affected: 17.10.0 , < 17.10.10 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.12 Affected: 17.12.0 , < 17.12.4 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.22 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.17 (custom)
    Create a notification for this product.
    Date Public
    2025-01-14 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T04:55:35.746787Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:21.089Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-06T14:24:52.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21176"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.12",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.1",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.7699",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04126.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.04775.01",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 Version 22H2 for ARM64-based Systems",
                "Windows 11 Version 22H2 for x64-based Systems",
                "Windows 11 Version 23H2 for ARM64-based Systems",
                "Windows 11 Version 23H2 for x64-based Systems",
                "Windows 11 Version 24H2 for ARM64-based Systems",
                "Windows 11 Version 24H2 for x64-based Systems",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2022, 23H2 Edition (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.1.09294.01",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04126.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04126.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 for 32-bit Systems",
                "Windows 10 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 4.6/4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.20890",
                  "status": "affected",
                  "version": "10.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.04775.01",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2015 Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.24252.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.69",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.43",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.10",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.4",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.22",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.17",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.69",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.43",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.22",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.17",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.10",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2015:*:update3:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.24252.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.4",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.12",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.1",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.1.09294.01",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.04775.01",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.04775.01",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04126.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.14393.7699",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04126.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04126.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.10240.20890",
                      "versionStartIncluding": "10.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "CWE-126: Buffer Over-read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:29:04.624Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176"
            }
          ],
          "title": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21176",
        "datePublished": "2025-01-14T18:04:00.852Z",
        "dateReserved": "2024-12-05T21:43:30.761Z",
        "dateUpdated": "2026-06-09T18:29:04.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-21173 (GCVE-0-2025-21173)

    Vulnerability from nvd – Published: 2025-01-14 18:04 – Updated: 2026-06-09 18:29
    VLAI
    Title
    .NET Elevation of Privilege Vulnerability
    Summary
    .NET Elevation of Privilege Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-379 - Creation of Temporary File in Directory with Insecure Permissions
    Assigner
    Date Public
    2025-01-14 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21173",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-15T19:17:43.370703Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-15T19:17:54.375Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-06T14:27:23.447Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21173"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.12",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.1",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.10",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.4",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.22",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.17",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.12",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.1",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.4",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.22",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.17",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.10",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-379",
                  "description": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:29:05.846Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173"
            }
          ],
          "title": ".NET Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21173",
        "datePublished": "2025-01-14T18:04:02.074Z",
        "dateReserved": "2024-12-05T21:43:30.760Z",
        "dateUpdated": "2026-06-09T18:29:05.846Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-21172 (GCVE-0-2025-21172)

    Vulnerability from nvd – Published: 2025-01-14 18:04 – Updated: 2026-06-09 18:29
    VLAI
    Title
    .NET and Visual Studio Remote Code Execution Vulnerability
    Summary
    .NET and Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Date Public
    2025-01-14 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21172",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T04:55:37.191468Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:12.470Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-06T14:13:11.262Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21172"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.12",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.1",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2015 Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.24252.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.69",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.43",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.10",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.4",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.22",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.17",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.69",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.43",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.22",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.17",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.10",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2015:*:update3:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.24252.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.4",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.12",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.1",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:29:55.348Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172"
            }
          ],
          "title": ".NET and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21172",
        "datePublished": "2025-01-14T18:04:38.469Z",
        "dateReserved": "2024-12-05T21:43:30.760Z",
        "dateUpdated": "2026-06-09T18:29:55.348Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-21171 (GCVE-0-2025-21171)

    Vulnerability from nvd – Published: 2025-01-14 18:03 – Updated: 2026-06-09 18:28
    VLAI
    Title
    .NET Remote Code Execution Vulnerability
    Summary
    .NET Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Date Public
    2025-01-14 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21171",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T04:55:38.562774Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:27.127Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.1",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.10",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.4",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.22",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.17",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.5.0",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.5.0",
                      "versionStartIncluding": "7.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.1",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.4",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.22",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.17",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.10",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:28:17.497Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21171"
            }
          ],
          "title": ".NET Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21171",
        "datePublished": "2025-01-14T18:03:22.942Z",
        "dateReserved": "2024-12-05T21:43:30.760Z",
        "dateUpdated": "2026-06-09T18:28:17.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-49044 (GCVE-0-2024-49044)

    Vulnerability from nvd – Published: 2024-11-12 17:53 – Updated: 2025-07-08 15:41
    VLAI
    Title
    Visual Studio Elevation of Privilege Vulnerability
    Summary
    Visual Studio Elevation of Privilege Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Date Public
    2024-11-12 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49044",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-13T04:55:44.267016Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-09T17:40:36.462Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.21",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.16",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.9",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.11",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.11.6",
                  "status": "affected",
                  "version": "17.11",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.21",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.16",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.9",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.11.6",
                      "versionStartIncluding": "17.11",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-11-12T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual Studio Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T15:41:23.957Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49044"
            }
          ],
          "title": "Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-49044",
        "datePublished": "2024-11-12T17:53:55.992Z",
        "dateReserved": "2024-10-11T20:57:49.187Z",
        "dateUpdated": "2025-07-08T15:41:23.957Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-43499 (GCVE-0-2024-43499)

    Vulnerability from nvd – Published: 2024-11-12 17:53 – Updated: 2025-08-27 21:33
    VLAI
    Title
    .NET and Visual Studio Denial of Service Vulnerability
    Summary
    .NET and Visual Studio Denial of Service Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
    • CWE-606 - Unchecked Input for Loop Condition
    Assigner
    References
    Date Public
    2024-11-12 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43499",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-13T16:28:19.318382Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T21:33:04.437Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.21",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.9",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.16",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.11",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.11.6",
                  "status": "affected",
                  "version": "17.11",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.5.0",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.0",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.21",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.9",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.16",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.11.6",
                      "versionStartIncluding": "17.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.5.0",
                      "versionStartIncluding": "7.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.0",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-11-12T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Denial of Service Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-409",
                  "description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-606",
                  "description": "CWE-606: Unchecked Input for Loop Condition",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T15:40:59.877Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43499"
            }
          ],
          "title": ".NET and Visual Studio Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-43499",
        "datePublished": "2024-11-12T17:53:35.848Z",
        "dateReserved": "2024-08-14T01:08:33.522Z",
        "dateUpdated": "2025-08-27T21:33:04.437Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-43498 (GCVE-0-2024-43498)

    Vulnerability from nvd – Published: 2024-11-12 17:53 – Updated: 2025-07-08 15:41
    VLAI
    Title
    .NET and Visual Studio Remote Code Execution Vulnerability
    Summary
    .NET and Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Assigner
    References
    Date Public
    2024-11-12 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43498",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-13T20:11:42.647690Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-13T20:11:59.384Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.5.0",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.16",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.21",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.9",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.11",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.11.6",
                  "status": "affected",
                  "version": "17.11",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.0",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.5.0",
                      "versionStartIncluding": "7.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.16",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.21",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.9",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.11.6",
                      "versionStartIncluding": "17.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.0",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-11-12T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T15:41:30.297Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498"
            }
          ],
          "title": ".NET and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-43498",
        "datePublished": "2024-11-12T17:53:58.782Z",
        "dateReserved": "2024-08-14T01:08:33.521Z",
        "dateUpdated": "2025-07-08T15:41:30.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-43603 (GCVE-0-2024-43603)

    Vulnerability from nvd – Published: 2024-10-08 17:36 – Updated: 2026-06-09 18:29
    VLAI
    Title
    Visual Studio Collector Service Denial of Service Vulnerability
    Summary
    Visual Studio Collector Service Denial of Service Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Date Public
    2024-10-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43603",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:35:39.922024Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T19:27:12.025Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2015 Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.27561.00",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.67",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.41",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.8",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.11",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.11.5",
                  "status": "affected",
                  "version": "17.11",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.20",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.15",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.11.5",
                      "versionStartIncluding": "17.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.67",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.41",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.20",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.15",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.8",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.27561.00",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-10-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual Studio Collector Service Denial of Service Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:29:21.358Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Collector Service Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43603"
            }
          ],
          "title": "Visual Studio Collector Service Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-43603",
        "datePublished": "2024-10-08T17:36:17.098Z",
        "dateReserved": "2024-08-14T01:08:33.551Z",
        "dateUpdated": "2026-06-09T18:29:21.358Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-43590 (GCVE-0-2024-43590)

    Vulnerability from nvd – Published: 2024-10-08 17:36 – Updated: 2026-06-09 18:29
    VLAI
    Title
    Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
    Summary
    Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Date Public
    2024-10-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43590",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:34:14.182011Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:34:32.825Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.67",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.41",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.8",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.11",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.11.5",
                  "status": "affected",
                  "version": "17.11",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.20",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.15",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Visual C++ Redistributable Installer",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.40.33816",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_c_plus_plus_redistributable_installer:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.40.33816",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.67",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.41",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.20",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.15",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.8",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.11.5",
                      "versionStartIncluding": "17.11",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-10-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual C++ Redistributable Installer Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:29:18.272Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual C++ Redistributable Installer Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43590"
            }
          ],
          "title": "Visual C++ Redistributable Installer Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-43590",
        "datePublished": "2024-10-08T17:36:14.169Z",
        "dateReserved": "2024-08-14T01:08:33.548Z",
        "dateUpdated": "2026-06-09T18:29:18.272Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-43485 (GCVE-0-2024-43485)

    Vulnerability from nvd – Published: 2024-10-08 17:35 – Updated: 2026-06-09 18:28
    VLAI
    Title
    .NET and Visual Studio Denial of Service Vulnerability
    Summary
    .NET and Visual Studio Denial of Service Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-407 - Inefficient Algorithmic Complexity
    Assigner
    References
    Date Public
    2024-10-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43485",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:54:45.795602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T19:47:57.831Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.35",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.10",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.8",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.11",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.11.5",
                  "status": "affected",
                  "version": "17.11",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.20",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.15",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.24",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.4.6",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.5.0",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.24",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.4.6",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.20",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.15",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.8",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.11.5",
                      "versionStartIncluding": "17.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.5.0",
                      "versionStartIncluding": "7.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.10",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.35",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-10-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Denial of Service Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-407",
                  "description": "CWE-407: Inefficient Algorithmic Complexity",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:28:35.398Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43485"
            }
          ],
          "title": ".NET and Visual Studio Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-43485",
        "datePublished": "2024-10-08T17:35:47.290Z",
        "dateReserved": "2024-08-14T01:08:33.518Z",
        "dateUpdated": "2026-06-09T18:28:35.398Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-43484 (GCVE-0-2024-43484)

    Vulnerability from nvd – Published: 2024-10-08 17:35 – Updated: 2026-06-09 18:28
    VLAI
    Title
    .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
    Summary
    .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-407 - Inefficient Algorithmic Complexity
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft .NET 6.0 Affected: 6.0.0 , < 6.0.35 (custom)
    Create a notification for this product.
    Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.10 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 2.0 Service Pack 2 Affected: 2.0.0 , < 3.0.30729.8974 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.0 Service Pack 2 Affected: 3.0.0 , < 3.0.30729.8974 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 Affected: 3.5.0 , < 3.5.30729.8973 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.7.04115.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.04762.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.1.9277.03 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5.1 Affected: 3.5.0 , < 3.5.1.30729.8974 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2 Affected: 4.7.0 , < 4.7.04115.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.04115.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6/4.6.2 Affected: 10.0.0.0 , < 10.0.10240.20796 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.04762.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.10 Affected: 17.10 , < 17.10.8 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.11 Affected: 17.11 , < 17.11.5 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.20 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.15 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.2 Affected: 7.2.0 , < 7.2.24 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.4 Affected: 7.4.0 , < 7.4.6 (custom)
    Create a notification for this product.
    Date Public
    2024-10-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43484",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:54:47.769303Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T19:48:20.527Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-03-28T15:03:03.559Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250328-0007/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.35",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.10",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 2.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.30729.8974",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 3.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.30729.8974",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.5.30729.8973",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04115.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.04762.01",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 11 Version 22H2 for ARM64-based Systems",
                "Windows 11 Version 22H2 for x64-based Systems",
                "Windows 11 Version 23H2 for ARM64-based Systems",
                "Windows 11 Version 23H2 for x64-based Systems",
                "Windows 11 Version 24H2 for ARM64-based Systems",
                "Windows 11 Version 24H2 for x64-based Systems",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2022, 23H2 Edition (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.1.9277.03",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.5.1.30729.8974",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04115.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04115.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 for 32-bit Systems",
                "Windows 10 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 4.6/4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.20796",
                  "status": "affected",
                  "version": "10.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.04762.01",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.8",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.11",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.11.5",
                  "status": "affected",
                  "version": "17.11",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.20",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.15",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.24",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.4.6",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.24",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.4.6",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.20",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.15",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.8",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.11.5",
                      "versionStartIncluding": "17.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.35",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.10",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04115.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.04762.01",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04115.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.1.9277.03",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04115.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.10240.20796",
                      "versionStartIncluding": "10.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.30729.8974",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.30729.8974",
                      "versionStartIncluding": "3.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.30729.8973",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.1.30729.8974",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.04762.01",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-10-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-407",
                  "description": "CWE-407: Inefficient Algorithmic Complexity",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789: Memory Allocation with Excessive Size Value",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:28:34.765Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43484"
            }
          ],
          "title": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-43484",
        "datePublished": "2024-10-08T17:35:46.715Z",
        "dateReserved": "2024-08-14T01:08:33.518Z",
        "dateUpdated": "2026-06-09T18:28:34.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-43483 (GCVE-0-2024-43483)

    Vulnerability from nvd – Published: 2024-10-08 17:35 – Updated: 2026-06-09 18:28
    VLAI
    Title
    .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
    Summary
    .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-407 - Inefficient Algorithmic Complexity
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft .NET 6.0 Affected: 6.0.0 , < 6.0.35 (custom)
    Create a notification for this product.
    Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.10 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 2.0 Service Pack 2 Affected: 2.0.0 , < 3.0.30729.8974 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.0 Service Pack 2 Affected: 3.0.0 , < 3.0.30729.8974 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 Affected: 3.5.0 , < 3.5.30729.8973 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.7.04115.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.04762.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.1.9277.03 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5.1 Affected: 3.5.0 , < 3.5.1.30729.8974 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2 Affected: 4.7.0 , < 4.7.04115.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.04115.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6/4.6.2 Affected: 10.0.0.0 , < 10.0.10240.20796 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.04762.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.10 Affected: 17.10 , < 17.10.8 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.11 Affected: 17.11 , < 17.11.5 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.20 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.15 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.2 Affected: 7.2.0 , < 7.2.24 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.4 Affected: 7.4.0 , < 7.4.6 (custom)
    Create a notification for this product.
    Date Public
    2024-10-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43483",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:54:49.591134Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T19:48:38.422Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.35",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.10",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 2.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.30729.8974",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 3.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.30729.8974",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.5.30729.8973",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04115.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.04762.01",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 11 Version 22H2 for ARM64-based Systems",
                "Windows 11 Version 22H2 for x64-based Systems",
                "Windows 11 Version 23H2 for ARM64-based Systems",
                "Windows 11 Version 23H2 for x64-based Systems",
                "Windows 11 Version 24H2 for ARM64-based Systems",
                "Windows 11 Version 24H2 for x64-based Systems",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2022, 23H2 Edition (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.1.9277.03",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.5.1.30729.8974",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04115.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04115.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 for 32-bit Systems",
                "Windows 10 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 4.6/4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.20796",
                  "status": "affected",
                  "version": "10.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.04762.01",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.8",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.11",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.11.5",
                  "status": "affected",
                  "version": "17.11",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.20",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.15",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.24",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.4.6",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.24",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.4.6",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.20",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.15",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.8",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.11.5",
                      "versionStartIncluding": "17.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.10",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.35",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.04762.01",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.04762.01",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04115.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04115.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.1.9277.03",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04115.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.10240.20796",
                      "versionStartIncluding": "10.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.30729.8974",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.30729.8974",
                      "versionStartIncluding": "3.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.30729.8973",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.1.30729.8974",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-10-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-407",
                  "description": "CWE-407: Inefficient Algorithmic Complexity",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:28:34.191Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43483"
            }
          ],
          "title": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-43483",
        "datePublished": "2024-10-08T17:35:46.198Z",
        "dateReserved": "2024-08-14T01:08:33.518Z",
        "dateUpdated": "2026-06-09T18:28:34.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-38229 (GCVE-0-2024-38229)

    Vulnerability from nvd – Published: 2024-10-08 17:35 – Updated: 2026-06-09 18:27
    VLAI
    Title
    .NET and Visual Studio Remote Code Execution Vulnerability
    Summary
    .NET and Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Date Public
    2024-10-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38229",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:55:00.476544Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:55:12.358Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-06T14:16:53.780Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.herodevs.com/vulnerability-directory/cve-2024-38229"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.10",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.8",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.11",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.11.5",
                  "status": "affected",
                  "version": "17.11",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.20",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.15",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.20",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.15",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.8",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.10",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.11.5",
                      "versionStartIncluding": "17.11",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-10-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:27:55.546Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38229"
            }
          ],
          "title": ".NET and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-38229",
        "datePublished": "2024-10-08T17:35:16.768Z",
        "dateReserved": "2024-06-11T22:36:08.227Z",
        "dateUpdated": "2026-06-09T18:27:55.546Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-38168 (GCVE-0-2024-38168)

    Vulnerability from nvd – Published: 2024-08-13 17:29 – Updated: 2025-07-10 16:33
    VLAI
    Title
    .NET and Visual Studio Denial of Service Vulnerability
    Summary
    .NET and Visual Studio Denial of Service Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Date Public
    2024-08-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38168",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-15T14:23:57.648145Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-15T14:24:10.618Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.8",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.18",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.6",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.13",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.8",
                      "versionStartIncluding": "8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.18",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.6",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.13",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Denial of Service Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-10T16:33:57.815Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38168"
            }
          ],
          "title": ".NET and Visual Studio Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-38168",
        "datePublished": "2024-08-13T17:29:49.113Z",
        "dateReserved": "2024-06-11T22:36:08.212Z",
        "dateUpdated": "2025-07-10T16:33:57.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-38167 (GCVE-0-2024-38167)

    Vulnerability from nvd – Published: 2024-08-13 17:29 – Updated: 2025-07-10 16:33
    VLAI
    Title
    .NET and Visual Studio Information Disclosure Vulnerability
    Summary
    .NET and Visual Studio Information Disclosure Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    Date Public
    2024-08-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38167",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T14:59:50.642718Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-14T15:00:19.345Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.6",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.13",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.8",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.18",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.6",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.13",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.8",
                      "versionStartIncluding": "8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.18",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Information Disclosure Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319: Cleartext Transmission of Sensitive Information",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-10T16:33:57.201Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38167"
            }
          ],
          "title": ".NET and Visual Studio Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-38167",
        "datePublished": "2024-08-13T17:29:48.525Z",
        "dateReserved": "2024-06-11T22:36:08.212Z",
        "dateUpdated": "2025-07-10T16:33:57.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-21172 (GCVE-0-2025-21172)

    Vulnerability from cvelistv5 – Published: 2025-01-14 18:04 – Updated: 2026-06-09 18:29
    VLAI
    Title
    .NET and Visual Studio Remote Code Execution Vulnerability
    Summary
    .NET and Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Date Public
    2025-01-14 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21172",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T04:55:37.191468Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:12.470Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-06T14:13:11.262Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21172"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.12",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.1",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2015 Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.24252.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.69",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.43",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.10",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.4",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.22",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.17",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.69",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.43",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.22",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.17",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.10",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2015:*:update3:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.24252.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.4",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.12",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.1",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:29:55.348Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172"
            }
          ],
          "title": ".NET and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21172",
        "datePublished": "2025-01-14T18:04:38.469Z",
        "dateReserved": "2024-12-05T21:43:30.760Z",
        "dateUpdated": "2026-06-09T18:29:55.348Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-21173 (GCVE-0-2025-21173)

    Vulnerability from cvelistv5 – Published: 2025-01-14 18:04 – Updated: 2026-06-09 18:29
    VLAI
    Title
    .NET Elevation of Privilege Vulnerability
    Summary
    .NET Elevation of Privilege Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-379 - Creation of Temporary File in Directory with Insecure Permissions
    Assigner
    Date Public
    2025-01-14 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21173",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-15T19:17:43.370703Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-15T19:17:54.375Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-06T14:27:23.447Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21173"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.12",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.1",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.10",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.4",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.22",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.17",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.12",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.1",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.4",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.22",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.17",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.10",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-379",
                  "description": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:29:05.846Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173"
            }
          ],
          "title": ".NET Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21173",
        "datePublished": "2025-01-14T18:04:02.074Z",
        "dateReserved": "2024-12-05T21:43:30.760Z",
        "dateUpdated": "2026-06-09T18:29:05.846Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-21178 (GCVE-0-2025-21178)

    Vulnerability from cvelistv5 – Published: 2025-01-14 18:04 – Updated: 2026-06-09 18:29
    VLAI
    Title
    Visual Studio Remote Code Execution Vulnerability
    Summary
    Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2025-01-14 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21178",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T04:55:34.330681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:20.630Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2015 Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.24252.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.69",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.43",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.10",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.4",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.22",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.17",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.69",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.43",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.22",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.17",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.10",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2015:*:update3:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.24252.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.4",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:29:05.178Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21178"
            }
          ],
          "title": "Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21178",
        "datePublished": "2025-01-14T18:04:01.376Z",
        "dateReserved": "2024-12-05T21:43:30.761Z",
        "dateUpdated": "2026-06-09T18:29:05.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-21176 (GCVE-0-2025-21176)

    Vulnerability from cvelistv5 – Published: 2025-01-14 18:04 – Updated: 2026-06-09 18:29
    VLAI
    Title
    .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
    Summary
    .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.12 (custom)
    Create a notification for this product.
    Microsoft .NET 9.0 Affected: 9.0.0 , < 9.0.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Affected: 3.0.0.0 , < 10.0.14393.7699 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.7.04126.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.04775.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.1.09294.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2 Affected: 4.7.0 , < 4.7.04126.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.04126.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6/4.6.2 Affected: 10.0.0.0 , < 10.0.10240.20890 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.04775.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2015 Update 3 Affected: 14.0.0 , < 14.0.24252.2 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Affected: 15.9.0 , < 15.9.69 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Affected: 16.11.0 , < 16.11.43 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.10 Affected: 17.10.0 , < 17.10.10 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.12 Affected: 17.12.0 , < 17.12.4 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.22 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.17 (custom)
    Create a notification for this product.
    Date Public
    2025-01-14 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T04:55:35.746787Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:21.089Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-06T14:24:52.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21176"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.12",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.1",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.7699",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04126.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.04775.01",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 Version 22H2 for ARM64-based Systems",
                "Windows 11 Version 22H2 for x64-based Systems",
                "Windows 11 Version 23H2 for ARM64-based Systems",
                "Windows 11 Version 23H2 for x64-based Systems",
                "Windows 11 Version 24H2 for ARM64-based Systems",
                "Windows 11 Version 24H2 for x64-based Systems",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2022, 23H2 Edition (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.1.09294.01",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04126.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04126.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 for 32-bit Systems",
                "Windows 10 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 4.6/4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.20890",
                  "status": "affected",
                  "version": "10.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.04775.01",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2015 Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.24252.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.69",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.43",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.10",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.4",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.22",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.17",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.69",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.43",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.22",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.17",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.10",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2015:*:update3:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.24252.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.4",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.12",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.1",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.1.09294.01",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.04775.01",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.04775.01",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04126.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.14393.7699",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04126.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04126.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.10240.20890",
                      "versionStartIncluding": "10.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "CWE-126: Buffer Over-read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:29:04.624Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176"
            }
          ],
          "title": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21176",
        "datePublished": "2025-01-14T18:04:00.852Z",
        "dateReserved": "2024-12-05T21:43:30.761Z",
        "dateUpdated": "2026-06-09T18:29:04.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-21171 (GCVE-0-2025-21171)

    Vulnerability from cvelistv5 – Published: 2025-01-14 18:03 – Updated: 2026-06-09 18:28
    VLAI
    Title
    .NET Remote Code Execution Vulnerability
    Summary
    .NET Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Date Public
    2025-01-14 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21171",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T04:55:38.562774Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:27.127Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.1",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.10",
                  "status": "affected",
                  "version": "17.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.12.4",
                  "status": "affected",
                  "version": "17.12.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.22",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.17",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.5.0",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.5.0",
                      "versionStartIncluding": "7.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.1",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.12.4",
                      "versionStartIncluding": "17.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.22",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.17",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.10",
                      "versionStartIncluding": "17.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-01-14T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:28:17.497Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21171"
            }
          ],
          "title": ".NET Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21171",
        "datePublished": "2025-01-14T18:03:22.942Z",
        "dateReserved": "2024-12-05T21:43:30.760Z",
        "dateUpdated": "2026-06-09T18:28:17.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-43498 (GCVE-0-2024-43498)

    Vulnerability from cvelistv5 – Published: 2024-11-12 17:53 – Updated: 2025-07-08 15:41
    VLAI
    Title
    .NET and Visual Studio Remote Code Execution Vulnerability
    Summary
    .NET and Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Assigner
    References
    Date Public
    2024-11-12 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43498",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-13T20:11:42.647690Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-13T20:11:59.384Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.5.0",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.16",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.21",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.9",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.11",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.11.6",
                  "status": "affected",
                  "version": "17.11",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.0",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.5.0",
                      "versionStartIncluding": "7.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.16",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.21",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.9",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.11.6",
                      "versionStartIncluding": "17.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.0",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-11-12T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T15:41:30.297Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498"
            }
          ],
          "title": ".NET and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-43498",
        "datePublished": "2024-11-12T17:53:58.782Z",
        "dateReserved": "2024-08-14T01:08:33.521Z",
        "dateUpdated": "2025-07-08T15:41:30.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-49044 (GCVE-0-2024-49044)

    Vulnerability from cvelistv5 – Published: 2024-11-12 17:53 – Updated: 2025-07-08 15:41
    VLAI
    Title
    Visual Studio Elevation of Privilege Vulnerability
    Summary
    Visual Studio Elevation of Privilege Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Date Public
    2024-11-12 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49044",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-13T04:55:44.267016Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-09T17:40:36.462Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.21",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.16",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.9",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.11",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.11.6",
                  "status": "affected",
                  "version": "17.11",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.21",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.16",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.9",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.11.6",
                      "versionStartIncluding": "17.11",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-11-12T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual Studio Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T15:41:23.957Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49044"
            }
          ],
          "title": "Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-49044",
        "datePublished": "2024-11-12T17:53:55.992Z",
        "dateReserved": "2024-10-11T20:57:49.187Z",
        "dateUpdated": "2025-07-08T15:41:23.957Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-43499 (GCVE-0-2024-43499)

    Vulnerability from cvelistv5 – Published: 2024-11-12 17:53 – Updated: 2025-08-27 21:33
    VLAI
    Title
    .NET and Visual Studio Denial of Service Vulnerability
    Summary
    .NET and Visual Studio Denial of Service Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
    • CWE-606 - Unchecked Input for Loop Condition
    Assigner
    References
    Date Public
    2024-11-12 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43499",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-13T16:28:19.318382Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T21:33:04.437Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.21",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.9",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.16",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.11",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.11.6",
                  "status": "affected",
                  "version": "17.11",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.5.0",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 9.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.0",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.21",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.9",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.16",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.11.6",
                      "versionStartIncluding": "17.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.5.0",
                      "versionStartIncluding": "7.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.0",
                      "versionStartIncluding": "9.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-11-12T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Denial of Service Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-409",
                  "description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-606",
                  "description": "CWE-606: Unchecked Input for Loop Condition",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T15:40:59.877Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43499"
            }
          ],
          "title": ".NET and Visual Studio Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-43499",
        "datePublished": "2024-11-12T17:53:35.848Z",
        "dateReserved": "2024-08-14T01:08:33.522Z",
        "dateUpdated": "2025-08-27T21:33:04.437Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-43603 (GCVE-0-2024-43603)

    Vulnerability from cvelistv5 – Published: 2024-10-08 17:36 – Updated: 2026-06-09 18:29
    VLAI
    Title
    Visual Studio Collector Service Denial of Service Vulnerability
    Summary
    Visual Studio Collector Service Denial of Service Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Date Public
    2024-10-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43603",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:35:39.922024Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T19:27:12.025Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2015 Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.27561.00",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.67",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.41",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.8",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.11",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.11.5",
                  "status": "affected",
                  "version": "17.11",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.20",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.15",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.11.5",
                      "versionStartIncluding": "17.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.67",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.41",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.20",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.15",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.8",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.27561.00",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-10-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual Studio Collector Service Denial of Service Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:29:21.358Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Collector Service Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43603"
            }
          ],
          "title": "Visual Studio Collector Service Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-43603",
        "datePublished": "2024-10-08T17:36:17.098Z",
        "dateReserved": "2024-08-14T01:08:33.551Z",
        "dateUpdated": "2026-06-09T18:29:21.358Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-43590 (GCVE-0-2024-43590)

    Vulnerability from cvelistv5 – Published: 2024-10-08 17:36 – Updated: 2026-06-09 18:29
    VLAI
    Title
    Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
    Summary
    Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Date Public
    2024-10-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43590",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:34:14.182011Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:34:32.825Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.67",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.41",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.8",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.11",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.11.5",
                  "status": "affected",
                  "version": "17.11",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.20",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.15",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Visual C++ Redistributable Installer",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.40.33816",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_c_plus_plus_redistributable_installer:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "14.40.33816",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.67",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.41",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.20",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.15",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.8",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.11.5",
                      "versionStartIncluding": "17.11",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-10-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual C++ Redistributable Installer Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:29:18.272Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual C++ Redistributable Installer Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43590"
            }
          ],
          "title": "Visual C++ Redistributable Installer Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-43590",
        "datePublished": "2024-10-08T17:36:14.169Z",
        "dateReserved": "2024-08-14T01:08:33.548Z",
        "dateUpdated": "2026-06-09T18:29:18.272Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-43485 (GCVE-0-2024-43485)

    Vulnerability from cvelistv5 – Published: 2024-10-08 17:35 – Updated: 2026-06-09 18:28
    VLAI
    Title
    .NET and Visual Studio Denial of Service Vulnerability
    Summary
    .NET and Visual Studio Denial of Service Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-407 - Inefficient Algorithmic Complexity
    Assigner
    References
    Date Public
    2024-10-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43485",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:54:45.795602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T19:47:57.831Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.35",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.10",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.8",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.11",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.11.5",
                  "status": "affected",
                  "version": "17.11",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.20",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.15",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.24",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.4.6",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.5.0",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.24",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.4.6",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.20",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.15",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.8",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.11.5",
                      "versionStartIncluding": "17.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.5.0",
                      "versionStartIncluding": "7.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.10",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.35",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-10-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Denial of Service Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-407",
                  "description": "CWE-407: Inefficient Algorithmic Complexity",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:28:35.398Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43485"
            }
          ],
          "title": ".NET and Visual Studio Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-43485",
        "datePublished": "2024-10-08T17:35:47.290Z",
        "dateReserved": "2024-08-14T01:08:33.518Z",
        "dateUpdated": "2026-06-09T18:28:35.398Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-43484 (GCVE-0-2024-43484)

    Vulnerability from cvelistv5 – Published: 2024-10-08 17:35 – Updated: 2026-06-09 18:28
    VLAI
    Title
    .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
    Summary
    .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-407 - Inefficient Algorithmic Complexity
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft .NET 6.0 Affected: 6.0.0 , < 6.0.35 (custom)
    Create a notification for this product.
    Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.10 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 2.0 Service Pack 2 Affected: 2.0.0 , < 3.0.30729.8974 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.0 Service Pack 2 Affected: 3.0.0 , < 3.0.30729.8974 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 Affected: 3.5.0 , < 3.5.30729.8973 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.7.04115.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.04762.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.1.9277.03 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5.1 Affected: 3.5.0 , < 3.5.1.30729.8974 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2 Affected: 4.7.0 , < 4.7.04115.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.04115.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6/4.6.2 Affected: 10.0.0.0 , < 10.0.10240.20796 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.04762.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.10 Affected: 17.10 , < 17.10.8 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.11 Affected: 17.11 , < 17.11.5 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.20 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.15 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.2 Affected: 7.2.0 , < 7.2.24 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.4 Affected: 7.4.0 , < 7.4.6 (custom)
    Create a notification for this product.
    Date Public
    2024-10-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43484",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:54:47.769303Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T19:48:20.527Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-03-28T15:03:03.559Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250328-0007/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.35",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.10",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 2.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.30729.8974",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 3.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.30729.8974",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.5.30729.8973",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04115.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.04762.01",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 11 Version 22H2 for ARM64-based Systems",
                "Windows 11 Version 22H2 for x64-based Systems",
                "Windows 11 Version 23H2 for ARM64-based Systems",
                "Windows 11 Version 23H2 for x64-based Systems",
                "Windows 11 Version 24H2 for ARM64-based Systems",
                "Windows 11 Version 24H2 for x64-based Systems",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2022, 23H2 Edition (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.1.9277.03",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.5.1.30729.8974",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04115.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04115.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 for 32-bit Systems",
                "Windows 10 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 4.6/4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.20796",
                  "status": "affected",
                  "version": "10.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.04762.01",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.8",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.11",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.11.5",
                  "status": "affected",
                  "version": "17.11",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.20",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.15",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.24",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.4.6",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.24",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.4.6",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.20",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.15",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.8",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.11.5",
                      "versionStartIncluding": "17.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.35",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.10",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04115.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.04762.01",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04115.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.1.9277.03",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04115.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.10240.20796",
                      "versionStartIncluding": "10.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.30729.8974",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.30729.8974",
                      "versionStartIncluding": "3.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.30729.8973",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.1.30729.8974",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.04762.01",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-10-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-407",
                  "description": "CWE-407: Inefficient Algorithmic Complexity",
                  "lang": "en-US",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789: Memory Allocation with Excessive Size Value",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:28:34.765Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43484"
            }
          ],
          "title": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-43484",
        "datePublished": "2024-10-08T17:35:46.715Z",
        "dateReserved": "2024-08-14T01:08:33.518Z",
        "dateUpdated": "2026-06-09T18:28:34.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-43483 (GCVE-0-2024-43483)

    Vulnerability from cvelistv5 – Published: 2024-10-08 17:35 – Updated: 2026-06-09 18:28
    VLAI
    Title
    .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
    Summary
    .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-407 - Inefficient Algorithmic Complexity
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft .NET 6.0 Affected: 6.0.0 , < 6.0.35 (custom)
    Create a notification for this product.
    Microsoft .NET 8.0 Affected: 8.0.0 , < 8.0.10 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 2.0 Service Pack 2 Affected: 2.0.0 , < 3.0.30729.8974 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.0 Service Pack 2 Affected: 3.0.0 , < 3.0.30729.8974 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 Affected: 3.5.0 , < 3.5.30729.8973 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.7.04115.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.04762.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.1.9277.03 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5.1 Affected: 3.5.0 , < 3.5.1.30729.8974 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2 Affected: 4.7.0 , < 4.7.04115.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.04115.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6/4.6.2 Affected: 10.0.0.0 , < 10.0.10240.20796 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.04762.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.10 Affected: 17.10 , < 17.10.8 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.11 Affected: 17.11 , < 17.11.5 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.20 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.15 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.2 Affected: 7.2.0 , < 7.2.24 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.4 Affected: 7.4.0 , < 7.4.6 (custom)
    Create a notification for this product.
    Date Public
    2024-10-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43483",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:54:49.591134Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T19:48:38.422Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.35",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.10",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 2.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.30729.8974",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 3.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.30729.8974",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.5.30729.8973",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04115.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.04762.01",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 11 Version 22H2 for ARM64-based Systems",
                "Windows 11 Version 22H2 for x64-based Systems",
                "Windows 11 Version 23H2 for ARM64-based Systems",
                "Windows 11 Version 23H2 for x64-based Systems",
                "Windows 11 Version 24H2 for ARM64-based Systems",
                "Windows 11 Version 24H2 for x64-based Systems",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2022, 23H2 Edition (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.1.9277.03",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.5.1.30729.8974",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04115.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04115.01",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 for 32-bit Systems",
                "Windows 10 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 4.6/4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.20796",
                  "status": "affected",
                  "version": "10.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.04762.01",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.8",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.11",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.11.5",
                  "status": "affected",
                  "version": "17.11",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.20",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.15",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.24",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PowerShell 7.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.4.6",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.24",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.4.6",
                      "versionStartIncluding": "7.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.20",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.15",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.8",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.11.5",
                      "versionStartIncluding": "17.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.10",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.35",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.04762.01",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.04762.01",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04115.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04115.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.1.9277.03",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04115.01",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.10240.20796",
                      "versionStartIncluding": "10.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.30729.8974",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.30729.8974",
                      "versionStartIncluding": "3.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.30729.8973",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.5.1.30729.8974",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-10-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-407",
                  "description": "CWE-407: Inefficient Algorithmic Complexity",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:28:34.191Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43483"
            }
          ],
          "title": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-43483",
        "datePublished": "2024-10-08T17:35:46.198Z",
        "dateReserved": "2024-08-14T01:08:33.518Z",
        "dateUpdated": "2026-06-09T18:28:34.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-38229 (GCVE-0-2024-38229)

    Vulnerability from cvelistv5 – Published: 2024-10-08 17:35 – Updated: 2026-06-09 18:27
    VLAI
    Title
    .NET and Visual Studio Remote Code Execution Vulnerability
    Summary
    .NET and Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Date Public
    2024-10-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38229",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:55:00.476544Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:55:12.358Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-06T14:16:53.780Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.herodevs.com/vulnerability-directory/cve-2024-38229"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.10",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.8",
                  "status": "affected",
                  "version": "17.10",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.11",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.11.5",
                  "status": "affected",
                  "version": "17.11",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.20",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.15",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.20",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.15",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.8",
                      "versionStartIncluding": "17.10",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.10",
                      "versionStartIncluding": "8.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.11.5",
                      "versionStartIncluding": "17.11",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-10-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:27:55.546Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38229"
            }
          ],
          "title": ".NET and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-38229",
        "datePublished": "2024-10-08T17:35:16.768Z",
        "dateReserved": "2024-06-11T22:36:08.227Z",
        "dateUpdated": "2026-06-09T18:27:55.546Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }