Search for vulnerabilities
Vulnerability details: VCID-x1pt-rnk2-5bgs
Vulnerability ID VCID-x1pt-rnk2-5bgs
Aliases CVE-2023-38180
GHSA-vmch-3w2x-vhgq
Summary .NET and Visual Studio Denial of Service Vulnerability
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-400 Uncontrolled Resource Consumption
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38180.json
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2023-38180
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-vmch-3w2x-vhgq
cvssv3.1 7.5 https://github.com/dotnet/runtime
generic_textual HIGH https://github.com/dotnet/runtime
cvssv3.1 7.5 https://github.com/dotnet/runtime/issues/90170
generic_textual HIGH https://github.com/dotnet/runtime/issues/90170
cvssv3.1 7.5 https://github.com/dotnet/runtime/security/advisories/GHSA-vmch-3w2x-vhgq
cvssv3.1_qr HIGH https://github.com/dotnet/runtime/security/advisories/GHSA-vmch-3w2x-vhgq
generic_textual HIGH https://github.com/dotnet/runtime/security/advisories/GHSA-vmch-3w2x-vhgq
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWVZFKTLNMNKPZ755EMRYIA6GHFOWGKY
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWVZFKTLNMNKPZ755EMRYIA6GHFOWGKY
cvssv3.1 7.5 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180
cvssv3.1 7.5 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180
generic_textual HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180
ssvc Attend https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-38180
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-38180
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38180.json
https://api.first.org/data/v1/epss?cve=CVE-2023-38180
https://github.com/dotnet/runtime
https://github.com/dotnet/runtime/issues/90170
https://github.com/dotnet/runtime/security/advisories/GHSA-vmch-3w2x-vhgq
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWVZFKTLNMNKPZ755EMRYIA6GHFOWGKY
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180
https://nvd.nist.gov/vuln/detail/CVE-2023-38180
2228621 https://bugzilla.redhat.com/show_bug.cgi?id=2228621
cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
GHSA-vmch-3w2x-vhgq https://github.com/advisories/GHSA-vmch-3w2x-vhgq
RHSA-2023:4639 https://access.redhat.com/errata/RHSA-2023:4639
RHSA-2023:4640 https://access.redhat.com/errata/RHSA-2023:4640
RHSA-2023:4641 https://access.redhat.com/errata/RHSA-2023:4641
RHSA-2023:4642 https://access.redhat.com/errata/RHSA-2023:4642
RHSA-2023:4643 https://access.redhat.com/errata/RHSA-2023:4643
RHSA-2023:4644 https://access.redhat.com/errata/RHSA-2023:4644
RHSA-2023:4645 https://access.redhat.com/errata/RHSA-2023:4645
USN-6278-1 https://usn.ubuntu.com/6278-1/
USN-6278-2 https://usn.ubuntu.com/6278-2/
Data source KEV
Date added Aug. 9, 2023
Description Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service (DoS).
Required action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due date Aug. 30, 2023
Note 
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-38180;  https://nvd.nist.gov/vuln/detail/CVE-2023-38180
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38180.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/dotnet/runtime
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/dotnet/runtime/issues/90170
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/dotnet/runtime/security/advisories/GHSA-vmch-3w2x-vhgq
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWVZFKTLNMNKPZ755EMRYIA6GHFOWGKY
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2024-07-24T20:42:20Z/ Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-38180
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.33834
EPSS Score 0.00133
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:29:58.380525+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.20/community.json 37.0.0