VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-9w67-8kj8-aaam

Essentials
Severities (108)
References (24)
Severity details (17)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-9w67-8kj8-aaam
Aliases	CVE-2022-21986 GHSA-x459-p2rx-f8ff
Summary	Denial Of Service .NET Denial of Service Vulnerability, This vulnerability affects applications that utilize the Kestrel web server when processing certain HTTP/2 and HTTP/3 requests.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-770	Allocation of Resources Without Limits or Throttling
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
rhas	Important	https://access.redhat.com/errata/RHSA-2022:0495
rhas	Important	https://access.redhat.com/errata/RHSA-2022:0496
rhas	Important	https://access.redhat.com/errata/RHSA-2022:0499
rhas	Important	https://access.redhat.com/errata/RHSA-2022:0500
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21986.json
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00326	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00402	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00402	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00402	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00402	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00402	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00402	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00402	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00402	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00402	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00402	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00402	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00417	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00417	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00417	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00417	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00417	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
epss	0.00417	https://api.first.org/data/v1/epss?cve=CVE-2022-21986
rhbs	high	https://bugzilla.redhat.com/show_bug.cgi?id=2051490
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-x459-p2rx-f8ff
cvssv3.1	7.5	https://github.com/dotnet/announcements/issues/207
generic_textual	HIGH	https://github.com/dotnet/announcements/issues/207
cvssv3.1	8.1	https://github.com/dotnet/aspnetcore
generic_textual	HIGH	https://github.com/dotnet/aspnetcore
cvssv3.1_qr	HIGH	https://github.com/dotnet/aspnetcore/security/advisories/GHSA-x459-p2rx-f8ff
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HMQOHV7G5TF6OMBN6DNTDOKQQU7KHMM
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HMQOHV7G5TF6OMBN6DNTDOKQQU7KHMM
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCTBSBE3PNIMXG6ALX2CQG4ZEH7W3YAT
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCTBSBE3PNIMXG6ALX2CQG4ZEH7W3YAT
cvssv3.1	7.5	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21986
generic_textual	HIGH	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21986
cvssv2	4.3	https://nvd.nist.gov/vuln/detail/CVE-2022-21986
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-21986
cvssv3.1	7.5	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21986
generic_textual	HIGH	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21986

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21986.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-21986
		https://github.com/dotnet/announcements/issues/207
		https://github.com/dotnet/aspnetcore
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HMQOHV7G5TF6OMBN6DNTDOKQQU7KHMM
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HMQOHV7G5TF6OMBN6DNTDOKQQU7KHMM/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCTBSBE3PNIMXG6ALX2CQG4ZEH7W3YAT
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCTBSBE3PNIMXG6ALX2CQG4ZEH7W3YAT/
		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21986
		https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21986
2051490		https://bugzilla.redhat.com/show_bug.cgi?id=2051490
cpe:2.3:a:microsoft:.net::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net::::::::
cpe:2.3:a:microsoft:visual_studio_2019::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2019::::::::
cpe:2.3:a:microsoft:visual_studio_2019::::::macos::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2019::::::macos::*
cpe:2.3:a:microsoft:visual_studio_2022::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2022::::::::
cpe:2.3:o:fedoraproject:fedora:34:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:::::::*
CVE-2022-21986		https://nvd.nist.gov/vuln/detail/CVE-2022-21986
GHSA-x459-p2rx-f8ff		https://github.com/advisories/GHSA-x459-p2rx-f8ff
GHSA-x459-p2rx-f8ff		https://github.com/dotnet/aspnetcore/security/advisories/GHSA-x459-p2rx-f8ff
RHSA-2022:0495		https://access.redhat.com/errata/RHSA-2022:0495
RHSA-2022:0496		https://access.redhat.com/errata/RHSA-2022:0496
RHSA-2022:0499		https://access.redhat.com/errata/RHSA-2022:0499
RHSA-2022:0500		https://access.redhat.com/errata/RHSA-2022:0500

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21986.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/dotnet/announcements/issues/207

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Found at https://github.com/dotnet/aspnetcore

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HMQOHV7G5TF6OMBN6DNTDOKQQU7KHMM

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCTBSBE3PNIMXG6ALX2CQG4ZEH7W3YAT

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21986

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-21986

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-21986

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21986

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.37910
EPSS Score	0.00085
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.