Search for vulnerabilities
Vulnerability details: VCID-c7kh-duun-aaag
Vulnerability ID VCID-c7kh-duun-aaag
Aliases CVE-2023-21538
GHSA-8f7f-vqg5-jrv9
Summary .NET Denial of Service Vulnerability
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (5)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-121 Stack-based Buffer Overflow
CWE-502 Deserialization of Untrusted Data
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-21538.json
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00654 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
epss 0.00985 https://api.first.org/data/v1/epss?cve=CVE-2023-21538
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-8f7f-vqg5-jrv9
cvssv3.1 7.5 https://github.com/dotnet/runtime
generic_textual HIGH https://github.com/dotnet/runtime
cvssv3.1_qr HIGH https://github.com/dotnet/runtime/security/advisories/GHSA-8f7f-vqg5-jrv9
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GV5QDWYJ4C26JB7RTI55Z4O76WSH4FMV
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GV5QDWYJ4C26JB7RTI55Z4O76WSH4FMV
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI27LYW5C4Z4644WYIQWOXBZL7WIP2X6
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI27LYW5C4Z4644WYIQWOXBZL7WIP2X6
cvssv3.1 7.5 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21538
ssvc Track https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21538
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-21538
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-21538.json
https://api.first.org/data/v1/epss?cve=CVE-2023-21538
https://github.com/dotnet/runtime
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GV5QDWYJ4C26JB7RTI55Z4O76WSH4FMV
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GV5QDWYJ4C26JB7RTI55Z4O76WSH4FMV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI27LYW5C4Z4644WYIQWOXBZL7WIP2X6
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI27LYW5C4Z4644WYIQWOXBZL7WIP2X6/
2158342 https://bugzilla.redhat.com/show_bug.cgi?id=2158342
cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2023-21538 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21538
CVE-2023-21538 https://nvd.nist.gov/vuln/detail/CVE-2023-21538
CVE-2023-21538 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21538
GHSA-8f7f-vqg5-jrv9 https://github.com/advisories/GHSA-8f7f-vqg5-jrv9
GHSA-8f7f-vqg5-jrv9 https://github.com/dotnet/runtime/security/advisories/GHSA-8f7f-vqg5-jrv9
RHSA-2023:0077 https://access.redhat.com/errata/RHSA-2023:0077
RHSA-2023:0078 https://access.redhat.com/errata/RHSA-2023:0078
RHSA-2023:0079 https://access.redhat.com/errata/RHSA-2023:0079
USN-5798-1 https://usn.ubuntu.com/5798-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-21538.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/dotnet/runtime
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GV5QDWYJ4C26JB7RTI55Z4O76WSH4FMV
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI27LYW5C4Z4644WYIQWOXBZL7WIP2X6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21538
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T22:02:43Z/ Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21538
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-21538
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.41306
EPSS Score 0.00095
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.