CVE-2023-38180
HIGH KEV.NET 6.0.0-6.0.20 and ASP.NET Core 2.1-2.1.39 - Denial of Service
Title source: llmExploitation Summary
CVE-2023-38180 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added August 9, 2023.
Description
.NET and Visual Studio Denial of Service Vulnerability
References (4)
Core 4
Core References
Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V/
Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]/message/NWVZFKTLNMNKPZ755EMRYIA6GHFOWGKY/
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38180
Patch, Vendor Advisory vendor-advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180
Scores
CVSS v3
7.5
EPSS
0.0088
EPSS Percentile
75.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
partial
Details
CISA KEV
2023-08-09
VulnCheck KEV
2023-08-09
InTheWild.io
2023-08-08
ENISA EUVD
EUVD-2023-2363
CWE
CWE-400
Status
published
Products (10)
fedoraproject/fedora
37
fedoraproject/fedora
38
microsoft/.net
6.0.0 - 6.0.21
microsoft/asp.net_core
2.1 - 2.1.40
microsoft/visual_studio_2022
17.2.0 - 17.2.18
nuget/Microsoft.AspNetCore.App.Runtime.win-arm64
7.0.0 - 7.0.10NuGet
nuget/Microsoft.AspNetCore.App.Runtime.win-x64
7.0.0 - 7.0.10NuGet
nuget/Microsoft.AspNetCore.App.Runtime.win-x86
7.0.0 - 7.0.10NuGet
nuget/Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv
6.0.0 - 6.0.21NuGet
nuget/Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets
0 - 2.1.40NuGet
Published
Aug 08, 2023
KEV Added
Aug 09, 2023
Tracked Since
Feb 18, 2026