Vulnerability CVE-2024-0057: Information

Description

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-0057
Published: Jan. 9, 2024
Modified: May 29, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
dotnet-bootstrap-7.0sisyphus7.0.17-alt17.0.17-alt1ALT-PU-2024-5998-2344471Fixed
dotnet-bootstrap-7.0p117.0.17-alt17.0.17-alt1ALT-PU-2024-5998-2344471Fixed
dotnet-bootstrap-8.0sisyphus8.0.2-alt18.0.3-alt1ALT-PU-2024-2556-1341007In work
dotnet-bootstrap-8.0p108.0.2-alt18.0.2-alt1ALT-PU-2024-2556-1341007In work
dotnet-bootstrap-8.0p118.0.2-alt18.0.3-alt1ALT-PU-2024-2556-1341007In work
dotnet-runtime-7.0sisyphus7.0.17-alt17.0.17-alt1ALT-PU-2024-6034-2344471Fixed
dotnet-runtime-7.0p117.0.17-alt17.0.17-alt1ALT-PU-2024-6034-2344471Fixed
dotnet-runtime-8.0sisyphus8.0.2-alt18.0.3-alt1ALT-PU-2024-2554-2341007In work
dotnet-runtime-8.0p108.0.2-alt18.0.2-alt1ALT-PU-2024-2554-2341007In work
dotnet-runtime-8.0p118.0.2-alt18.0.3-alt1ALT-PU-2024-2554-2341007In work
dotnet-sdk-8.0sisyphus8.0.102-alt18.0.103-alt1ALT-PU-2024-2557-2341007In work
dotnet-sdk-8.0p108.0.102-alt18.0.102-alt2ALT-PU-2024-2557-2341007In work
dotnet-sdk-8.0p118.0.102-alt18.0.103-alt1ALT-PU-2024-2557-2341007In work

References to Advisories, Solutions, and Tools

Hyperlink
Resource
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
  • Patch
  • Vendor Advisory
https://security.netapp.com/advisory/ntap-20240208-0007/
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
      Start including
      17.2
      End excliding
      17.2.23
      cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
      Start including
      17.4
      End excliding
      17.4.15
      cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
      Start including
      17.6
      End excliding
      17.6.11
      cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
      Start including
      17.8
      End excliding
      17.8.4
      cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*
      Start including
      7.2
      End excliding
      7.2.18
      cpe:2.3:a:microsoft:powershell:7.4:-:*:*:*:*:*:*
      cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*
      Start including
      7.3
      End excliding
      7.3.11

      Configuration 2

      cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

      Configuration 4

      cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
      cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
      cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
      cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

      Configuration 5

      cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
      cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:arm64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:x64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*

      Configuration 6

      cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*
      cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*

      Configuration 7

      cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
      cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

      Configuration 8

      cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
      cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*

      Configuration 9

      cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
      Start including
      7.0.0
      End excliding
      7.0.15
      cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
      Start including
      6.0.0
      End excliding
      6.0.26
      cpe:2.3:a:microsoft:.net:8.0.0:-:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top