🛠 Fixes
- Fixed the Denial of Service vulnerability identified in System.Security.Cryptography.Cose, System.IO.Packaging, and Microsoft.Extensions.Caching.Memory (CVE-2024-43483) (PR#18)
Detailed description
Fixed Denial of Service vulnerability (CVE-2024-43483)
- A high-severity vulnerability was identified in System.Security.Cryptography.Cose, System.IO.Packaging, and Microsoft.Extensions.Caching.Memory. Hostile input could be used to mount hash flooding attacks against the system, potentially leading to a Denial of Service (DoS). The vulnerability affects multiple versions of .NET, specifically .NET 6.0, .NET 8.0, and .NET 9.0, and has now been patched.
- Vulnerable versions: .NET 6.0 (<= 6.0.1), .NET 8.0 (<= 8.0.0), .NET 9.0 (<= 9.0.0-rc.1.24431.7)
- Patched versions: .NET 6.0.2, .NET 8.0.1, .NET 9.0.0-rc.2.24473.5
- Developers using affected versions are advised to update to the latest patched versions to mitigate the risk of Denial of Service attacks.
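
An added example, not part of the original release note or the project's code: a Python check that reads PackageReference entries from a project file and compares the three named packages against the version bounds listed above, using SemVer pre-release ordering for the 9.0.0-rc builds. It assumes those bounds apply to the referenced package versions and that the project file is SDK-style; the sample project is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Package names and version bounds are taken from the release note above.
AFFECTED = {"system.security.cryptography.cose", "system.io.packaging",
            "microsoft.extensions.caching.memory"}
# major -> (highest vulnerable, first patched). Assumption: bounds apply to package versions.
BOUNDS = {6: ("6.0.1", "6.0.2"), 8: ("8.0.0", "8.0.1"),
          9: ("9.0.0-rc.1.24431.7", "9.0.0-rc.2.24473.5")}
PLAIN = re.compile(r"^\d+(\.\d+){1,3}(-[0-9A-Za-z.-]+)?$")

def version_key(version):
    """SemVer precedence key: a release sorts above its own pre-releases."""
    core, _, pre = version.partition("-")
    nums = tuple(int(n) for n in core.split("."))
    nums += (0,) * (4 - len(nums))
    if not pre:
        return (nums, 1, ())
    # Numeric identifiers compare as numbers and rank below alphanumeric ones.
    ids = tuple((0, int(i), "") if i.isdigit() else (1, 0, i) for i in pre.split("."))
    return (nums, 0, ids)

def audit_csproj(xml_text):
    """Return [(package, version, verdict)] for affected PackageReference items."""
    findings = []
    for ref in ET.fromstring(xml_text).iter("PackageReference"):
        name = ref.get("Include", "")
        if name.lower() not in AFFECTED:  # NuGet package IDs are case-insensitive
            continue
        version = ref.get("Version") or ref.findtext("Version") or ""
        if not PLAIN.match(version):
            verdict = "unresolved: floating, ranged or centrally managed version"
        elif (key := version_key(version))[0][0] not in BOUNDS:
            verdict = "major version not listed in the note"
        else:
            worst, fixed = BOUNDS[key[0][0]]
            verdict = (f"vulnerable: update to {fixed} or later"
                       if key <= version_key(worst) else "patched")
        findings.append((name, version, verdict))
    return findings

# Constructed sample project file (SDK-style, no XML namespace).
SAMPLE = """<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>
  <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="8.0.0" />
  <PackageReference Include="System.IO.Packaging" Version="9.0.0-rc.2.24473.5" />
  <PackageReference Include="System.Security.Cryptography.Cose" Version="9.0.0-rc.1.24431.7" />
  <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
</ItemGroup></Project>"""

if __name__ == "__main__":
    for row in audit_csproj(SAMPLE):
        print(*row, sep="  ")
```

The check covers only direct references with a literal version; packages pulled in transitively need a resolved dependency listing instead.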