VYPR
High severity · NVD Advisory · Published Feb 14, 2023 · Updated Feb 28, 2025

.NET and Visual Studio Remote Code Execution Vulnerability

CVE-2023-21808

Description

.NET and Visual Studio Remote Code Execution Vulnerability

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A remote code execution vulnerability exists in .NET when reading debugging symbols from a malicious symbols file, affecting .NET 7.0 ≤7.0.2 and .NET 6.0 ≤6.0.13.

Vulnerability Details

The vulnerability (CVE-2023-21808) resides in how .NET reads debugging symbols. When processing a specially crafted symbols file, the runtime can be exploited to achieve remote code execution. The issue affects all .NET 7.0 applications running versions up to 7.0.2 and .NET 6.0 applications up to 6.0.13 [1].

Exploitation

An attacker would need to supply a malicious symbols file to the victim. This could occur during debugging sessions or when loading symbols for an application. No authentication is required; the victim simply needs to load the crafted file. The vulnerability does not require any special network position beyond delivering the file [1].

Impact

Successful exploitation allows an adversary to execute arbitrary code in the context of the affected application. This could lead to full compromise of the system, data theft, or further lateral movement within the network [1].

Mitigation

Microsoft has released patches for both .NET 7.0 (version 7.0.3) and .NET 6.0 (version 6.0.14). Users should update to these patched versions immediately. There are no known workarounds or mitigating factors [1]. Additionally, Visual Studio users will be prompted to update their SDKs through the Visual Studio update process.

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                                            Affected versions      Patched versions
Microsoft.NetCore.App.Runtime.win-arm (NuGet)      >= 7.0.0, < 7.0.3      7.0.3
Microsoft.NetCore.App.Runtime.win-arm (NuGet)      >= 6.0.0, < 6.0.14     6.0.14
Microsoft.NetCore.App.Runtime.win-arm64 (NuGet)    >= 7.0.0, < 7.0.3      7.0.3
Microsoft.NetCore.App.Runtime.win-arm64 (NuGet)    >= 6.0.0, < 6.0.14     6.0.14
Microsoft.NetCore.App.Runtime.win-x64 (NuGet)      >= 7.0.0, < 7.0.3      7.0.3
Microsoft.NetCore.App.Runtime.win-x64 (NuGet)      >= 6.0.0, < 6.0.14     6.0.14
Microsoft.NetCore.App.Runtime.win-x86 (NuGet)      >= 7.0.0, < 7.0.3      7.0.3
Microsoft.NetCore.App.Runtime.win-x86 (NuGet)      >= 6.0.0, < 6.0.14     6.0.14

Affected products

23
  • osv-coords: 6 versions
    • (no CPE) range: >= 6.0.0, < 6.0.1
    • (no CPE) range: >= 6.0.0, < 6.0.1
    • (no CPE) range: >= 7.0.0, < 7.0.3
    • (no CPE) range: >= 7.0.0, < 7.0.3
    • (no CPE) range: >= 7.0.0, < 7.0.3
    • (no CPE) range: >= 7.0.0, < 7.0.3
  • Microsoft/Microsoft .NET Framework 3.5 and 4.6.2 v5
    Range: 4.7.0
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 v5
    Range: 4.7.0
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 v5
    Range: 4.8.0
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8.1 v5
    Range: 4.8.1
  • Microsoft/Microsoft .NET Framework 4.6.2 v5
    Range: 4.7.0
  • Microsoft/Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 v5
    Range: 4.7.0
  • Microsoft/Microsoft .NET Framework 4.8 v5
    Range: 4.8.0
  • Microsoft/Microsoft Visual Studio 2013 Update 5 v5
    Range: 12.0.0
  • Microsoft/Microsoft Visual Studio 2015 Update 3 v5
    Range: 14.0.0
  • Microsoft/Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) v5
    Range: 15.9.0
  • Microsoft/Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) v5
    Range: 16.11.0
  • Microsoft/Microsoft Visual Studio 2022 version 17.0 v5
    Range: 17.0.0
  • Microsoft/Microsoft Visual Studio 2022 version 17.2 v5
    Range: 17.2.0
  • Microsoft/Microsoft Visual Studio 2022 version 17.4 v5
    Range: 17.4.0
  • Microsoft/.NET 6.0 v5
    Range: 6.0.0
  • Microsoft/.NET 7.0 v5
    Range: 7.0.0
  • Microsoft/PowerShell 7.2 v5
    Range: 7.2.0

Patches

0

No patches discovered yet.
