CVE-2024-38229

HIGH

Microsoft .NET and Visual Studio - Use-After-Free Remote Code Execution

Title source: manual
STIX 2.1

Description

.NET and Visual Studio Remote Code Execution Vulnerability

References (2)

Core 2

Scores

CVSS v3 8.1
EPSS 0.0205
EPSS Percentile 79.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (19)
microsoft/.net 8.0.0 - 8.0.10
Microsoft/.NET 8.0 8.0.0 - 8.0.10
Microsoft/Microsoft Visual Studio 2022 version 17.10 17.10 - 17.10.8
Microsoft/Microsoft Visual Studio 2022 version 17.11 17.11 - 17.11.5
Microsoft/Microsoft Visual Studio 2022 version 17.6 17.6.0 - 17.6.20
Microsoft/Microsoft Visual Studio 2022 version 17.8 17.8.0 - 17.8.15
microsoft/visual_studio_2022 17.6.0 - 17.6.20
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm 9.0.0-preview.1.24081.5 - 9.0.0-rc.2.24474.3NuGet
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm64 9.0.0-preview.1.24081.5 - 9.0.0-rc.2.24474.3NuGet
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm 9.0.0-preview.1.24081.5 - 9.0.0-rc.2.24474.3NuGet
... and 9 more
Published Oct 08, 2024
Tracked Since Feb 18, 2026