{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-30046", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2024-03-22T23:12:13.409Z", "datePublished": "2024-05-14T16:57:30.222Z", "dateUpdated": "2024-12-31T19:04:32.759Z"}, "containers": {"cna": {"title": "Visual Studio Denial of Service Vulnerability", "datePublic": "2024-05-14T07:00:00+00:00", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0.0", "versionEndExcluding": "7.0.19"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "8.0.5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.0", "versionEndExcluding": "17.9.7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.4.0", "versionEndExcluding": "17.4.19"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.6.0", "versionEndExcluding": "17.6.15"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.8.0", "versionEndExcluding": "17.8.10"}]}]}], "affected": [{"vendor": "Microsoft", "product": ".NET 7.0", "platforms": ["Unknown"], "versions": [{"version": "7.0.0", "lessThan": "7.0.19", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET 8.0", "platforms": ["Unknown"], "versions": [{"version": "1.0.0", "lessThan": "8.0.5", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.9", "platforms": ["Unknown"], "versions": [{"version": "17.0", "lessThan": "17.9.7", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.4", "platforms": ["Unknown"], "versions": [{"version": "17.4.0", "lessThan": "17.4.19", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.6", "platforms": ["Unknown"], "versions": [{"version": "17.6.0", "lessThan": "17.6.15", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.8", "platforms": ["Unknown"], "versions": [{"version": "17.8.0", "lessThan": "17.8.10", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Visual Studio Denial of Service Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "lang": "en-US", "type": "CWE", "cweId": "CWE-362"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-12-31T19:04:32.759Z"}, "references": [{"name": "Visual Studio Denial of Service Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30046", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-15T16:43:57.442813Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:38:33.988Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:25:02.716Z"}, "title": "CVE Program Container", "references": [{"name": "Visual Studio Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_transferred"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046", "name": "Visual Studio Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:25:02.716Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30046", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-15T16:43:57.442813Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-15T16:41:44.720Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Visual Studio Denial of Service Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": ".NET 7.0", "versions": [{"status": "affected", "version": "7.0.0", "lessThan": "7.0.19", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": ".NET 8.0", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "8.0.5", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.9", "versions": [{"status": "affected", "version": "17.0", "lessThan": "17.9.7", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.4", "versions": [{"status": "affected", "version": "17.4.0", "lessThan": "17.4.19", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.6", "versions": [{"status": "affected", "version": "17.6.0", "lessThan": "17.6.15", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.8", "versions": [{"status": "affected", "version": "17.8.0", "lessThan": "17.8.10", "versionType": "custom"}], "platforms": ["Unknown"]}], "datePublic": "2024-05-14T07:00:00+00:00", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046", "name": "Visual Studio Denial of Service Vulnerability", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en-US", "value": "Visual Studio Denial of Service Vulnerability"}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "7.0.19", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "8.0.5", "versionStartIncluding": "1.0.0"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.9.7", "versionStartIncluding": "17.0"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.4.19", "versionStartIncluding": "17.4.0"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.6.15", "versionStartIncluding": "17.6.0"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.8.10", "versionStartIncluding": "17.8.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-12-31T19:04:32.759Z"}}}, "cveMetadata": {"cveId": "CVE-2024-30046", "state": "PUBLISHED", "dateUpdated": "2024-12-31T19:04:32.759Z", "dateReserved": "2024-03-22T23:12:13.409Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2024-05-14T16:57:30.222Z", "assignerShortName": "microsoft"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "matchCriteriaId": "98AEF40E-333C-4B7C-A1A7-522459C01F90", "versionEndExcluding": "7.0.19", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "matchCriteriaId": "19A6ED34-B810-42BF-9256-8632F965EBED", "versionEndExcluding": "8.0.5", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8851D8F-C0FC-4957-846E-BEF69B88B9D6", "versionEndExcluding": "17.4.19", "versionStartIncluding": "17.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "24B799F3-962A-4366-9B5C-2F60E2098B7D", "versionEndExcluding": "17.6.15", "versionStartIncluding": "17.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "55C50579-44BA-4C6A-9CD5-A71D3D80F4E5", "versionEndExcluding": "17.8.10", "versionStartIncluding": "17.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA2D642F-B4D4-4B84-ACCA-653201079267", "versionEndExcluding": "17.9.7", "versionStartIncluding": "17.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Visual Studio Denial of Service Vulnerability"}, {"lang": "es", "value": "Vulnerabilidad de denegaci\u00f3n de servicio de Visual Studio"}], "id": "CVE-2024-30046", "lastModified": "2025-01-08T18:29:04.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "secure@microsoft.com", "type": "Secondary"}]}, "published": "2024-05-14T17:17:17.880", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "secure@microsoft.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3340", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet7.0-0:7.0.119-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:3345", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet8.0-0:8.0.105-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:2842", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "dotnet8.0-0:8.0.105-1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-05-14T00:00:00Z"}, {"advisory": "RHSA-2024:2843", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "dotnet7.0-0:7.0.119-1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-05-15T00:00:00Z"}], "bugzilla": {"description": "dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop()", "id": "2279697", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279697"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-833", "details": ["Visual Studio Denial of Service Vulnerability", "A flaw was found in ASP.NET Core. A deadlock condition can be triggered in Http2OutputProducer.Stop(), which may lead to a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-30046", "public_date": "2024-05-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-30046\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-30046"], "threat_severity": "Moderate"}