VYPR
Get started
← All advisories
High severityCISA KEVNVD Advisory· Published Aug 8, 2023· Updated Oct 21, 2025

.NET and Visual Studio Denial of Service Vulnerability

CVE-2023-38180

Description

.NET and Visual Studio Denial of Service Vulnerability

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Microsoft.AspNetCore.App.Runtime.win-arm64NuGet
>= 7.0.0, < 7.0.107.0.10
Microsoft.AspNetCore.App.Runtime.win-x64NuGet
>= 7.0.0, < 7.0.107.0.10
Microsoft.AspNetCore.App.Runtime.win-x86NuGet
>= 7.0.0, < 7.0.107.0.10
Microsoft.AspNetCore.Server.Kestrel.Transport.LibuvNuGet
>= 6.0.0, < 6.0.216.0.21
Microsoft.AspNetCore.App.Runtime.win-arm64NuGet
>= 6.0.0, < 6.0.216.0.21
Microsoft.AspNetCore.App.Runtime.win-x64NuGet
>= 6.0.0, < 6.0.216.0.21
Microsoft.AspNetCore.App.Runtime.win-x86NuGet
>= 6.0.0, < 6.0.216.0.21
Microsoft.AspNetCore.Server.Kestrel.Transport.LibuvNuGet
< 2.1.402.1.40
Microsoft.AspNetCore.Server.Kestrel.Transport.SocketsNuGet
< 2.1.402.1.40

Affected products

6
  • Microsoft/ASP.NET Core 2.1v5
    Range: 2.0
  • Microsoft/Microsoft Visual Studio 2022 version 17.2v5
    Range: 17.2.0
  • Microsoft/Microsoft Visual Studio 2022 version 17.4v5
    Range: 17.4.0
  • Microsoft/Microsoft Visual Studio 2022 version 17.6v5
    Range: 17.6.0
  • Microsoft/.NET 6.0v5
    Range: 6.0.0
  • Microsoft/.NET 7.0v5
    Range: 7.0.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.