Fluid Attacks Database

Description

A denial of service vulnerability exists in .NET applications with OpenSSL support when parsing X509 certificates. The issue arises from inadequate validation of user-supplied input in .NET. This flaw allows a remote attacker to trigger a denial of service (DoS) attack by providing specially crafted input.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel9.0	dotnet6.0	<0:6.0.127-1.el9_0	0:6.0.127-1.el9_0
rpm rhel8	dotnet7.0	<0:7.0.116-1.el8_9 \|\| >=0:7.0.119, <0:7.0.119-1.el8_10	0:7.0.119-1.el8_10
rpm rhel8	dotnet6.0	<0:6.0.127-1.el8_9	0:6.0.127-1.el8_9
rpm rhel8.8	dotnet6.0	<0:6.0.127-1.el8_8	0:6.0.127-1.el8_8
rpm rhel8.6	dotnet6.0	<0:6.0.127-1.el8_6	0:6.0.127-1.el8_6
rpm rhel9	dotnet6.0	<0:6.0.127-1.el9_3	0:6.0.127-1.el9_3
rpm rhel9.2	dotnet6.0	<0:6.0.127-1.el9_2.1	0:6.0.127-1.el9_2.1
rpm rhel9	dotnet7.0	<0:7.0.116-1.el9_3 \|\| >=0:7.0.119, <0:7.0.119-1.el9_4	0:7.0.119-1.el9_4
rpm rhel8.8	dotnet7.0	<0:7.0.116-1.el8_8	0:7.0.116-1.el8_8
rpm rhel9.2	dotnet7.0	<0:7.0.116-1.el9_2	0:7.0.116-1.el9_2

1-10 of 12

Aliases

1. CVE-2024-214042. NVD-2024-214043. OSV-2024-21404

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.