Brennan Conroy discovered that the .NET Kestrel web server did not properly handle closing HTTP/3 streams under certain circumstances. An attacker could possibly use this issue to achieve remote code execution. This vulnerability only impacted .NET8. (CVE-2024-38229) It was discovered that .NET components designed to process malicious input were susceptible to hash flooding attacks. An attacker could possibly use this issue to cause a denial of service, resulting in a crash. (CVE-2024-43483) It was discovered that the .NET System.IO.Packaging namespace did not properly process SortedList data structures. An attacker could possibly use this issue to cause a denial of service, resulting in a crash. (CVE-2024-43484) It was discovered that .NET did not properly handle the deserialization of of certain JSON properties. An attacker could possibly use this issue to cause a denial of service, resulting in a crash. (CVE-2024-43485)
Continue reading...
Continue reading...
