VYPR
← All advisories
Moderate severityNVD Advisory· Published Sep 12, 2023· Updated Oct 30, 2025

.NET Core and Visual Studio Denial of Service Vulnerability

CVE-2023-36799

Description

.NET Core and Visual Studio Denial of Service Vulnerability

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A denial of service vulnerability exists in .NET Core when processing specially crafted X.509 certificates on Linux systems.

Root

Cause

CVE-2023-36799 is a Denial of Service (DoS) vulnerability in .NET Core and Visual Studio, specifically affecting the processing of X.509 certificates on Linux systems [1]. The flaw resides in how the .NET runtime handles malformed certificate data, potentially leading to excessive resource consumption when a maliciously crafted certificate is parsed.

Attack

Vector

An attacker can exploit this vulnerability by providing a specially crafted X.509 certificate to an application built on an affected .NET version [1]. The attack requires no prior authentication and can be delivered through any channel where the application ingests certificate data (e.g., TLS connections, certificate validation routines). The vulnerability is exclusive to Linux environments; Windows and macOS systems are not affected [1].

Impact

Successful exploitation results in a denial of service condition, where the application becomes unresponsive or crashes, disrupting availability. This is a network-based attack that can be launched remotely without user interaction, making it especially dangerous for internet-facing services that accept certificate data [1].

Mitigation

Microsoft has released security updates to address this vulnerability. .NET 7.0 applications running versions 7.0.10 or earlier must update to .NET 7.0.11 or later, while .NET 6.0 applications on versions 6.0.21 or earlier need to update to .NET 6.0.22 or later [1]. Additionally, the affected runtime packages (e.g., Microsoft.NETCore.App.Runtime.linux-x64) have corresponding patched versions. No workarounds or mitigating factors are available; applying the latest patches is the only remediation [1].

References
  1. Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Microsoft.NETCore.App.Runtime.linux-arm64NuGet
>= 7.0.0, < 7.0.117.0.11
Microsoft.NETCore.App.Runtime.linux-musl-arm64NuGet
>= 7.0.0, < 7.0.117.0.11
Microsoft.NETCore.App.Runtime.linux-armNuGet
>= 7.0.0, < 7.0.117.0.11
Microsoft.NETCore.App.Runtime.linux-musl-armNuGet
>= 7.0.0, < 7.0.117.0.11
Microsoft.NETCore.App.Runtime.linux-musl-x64NuGet
>= 7.0.0, < 7.0.117.0.11
Microsoft.NETCore.App.Runtime.linux-x64NuGet
>= 7.0.0, < 7.0.117.0.11
Microsoft.NETCore.App.Runtime.linux-x64NuGet
>= 6.0.0, < 6.0.226.0.22
Microsoft.NETCore.App.Runtime.linux-musl-x64NuGet
>= 6.0.0, < 6.0.226.0.22
Microsoft.NETCore.App.Runtime.linux-musl-armNuGet
>= 6.0.0, < 6.0.226.0.22
Microsoft.NETCore.App.Runtime.linux-armNuGet
>= 6.0.0, < 6.0.226.0.22
Microsoft.NETCore.App.Runtime.linux-arm64NuGet
>= 6.0.0, < 6.0.226.0.22
Microsoft.NETCore.App.Runtime.linux-musl-arm64NuGet
>= 6.0.0, < 6.0.226.0.22

Affected products

41

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.