.NET and Visual Studio Remote Code Execution Vulnerability
Description
.NET and Visual Studio Remote Code Execution Vulnerability
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stack buffer overrun in .NET's Double Parse routine allows remote code execution in .NET 7.0 and 8.0.
Vulnerability
Overview
The vulnerability exists in .NET's Double.Parse routine, where a stack buffer overrun can occur [1][2]. This memory corruption bug can be triggered by specially crafted input, potentially leading to arbitrary code execution. The issue affects .NET 7.0 (up to version 7.0.18) and .NET 8.0 (up to version 8.0.4) [1][2][3].
Exploitation
An attacker would need to supply a malicious double-precision floating-point string to an application that uses the affected parsing routine. No authentication or user interaction is required beyond the application processing the malformed input [2][3]. The vulnerability is classified as remote code execution because it allows an unauthenticated remote attacker to compromise a vulnerable system [1][4].
Impact
Successful exploitation grants the attacker the ability to execute arbitrary code in the context of the application. This could lead to full system compromise, including data theft, installation of malware, or further lateral movement within a network [1][2].
Mitigation
Microsoft has released patches for the affected packages: update .NET 7.0 to version 7.0.19 and .NET 8.0 to version 8.0.5 [1][2][3]. No workarounds are available [3]. Developers should update their applications to use the patched runtime packages.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Microsoft.NETCore.App.Runtime.linux-armNuGet | >= 7.0.0, < 7.0.19 | 7.0.19 |
Microsoft.NETCore.App.Runtime.linux-arm64NuGet | >= 7.0.0, < 7.0.19 | 7.0.19 |
Microsoft.NETCore.App.Runtime.linux-armNuGet | >= 8.0.0, < 8.0.5 | 8.0.5 |
Microsoft.NETCore.App.Runtime.linux-arm64NuGet | >= 8.0.0, < 8.0.5 | 8.0.5 |
Microsoft.NETCore.App.Runtime.linux-musl-armNuGet | >= 7.0.0, < 7.0.19 | 7.0.19 |
Microsoft.NETCore.App.Runtime.linux-musl-arm64NuGet | >= 8.0.0, < 8.0.5 | 8.0.5 |
Microsoft.NETCore.App.Runtime.linux-musl-x64NuGet | >= 7.0.0, < 7.0.19 | 7.0.19 |
Microsoft.NETCore.App.Runtime.linux-musl-x64NuGet | >= 8.0.0, < 8.0.5 | 8.0.5 |
Microsoft.NETCore.App.Runtime.linux-x64NuGet | >= 7.0.0, < 7.0.19 | 7.0.19 |
Microsoft.NETCore.App.Runtime.linux-x64NuGet | >= 8.0.0, < 8.0.5 | 8.0.5 |
Microsoft.NETCore.App.Runtime.osx-arm64NuGet | >= 7.0.0, < 7.0.19 | 7.0.19 |
Microsoft.NETCore.App.Runtime.osx-arm64NuGet | >= 8.0.0, < 8.0.5 | 8.0.5 |
Microsoft.NETCore.App.Runtime.osx-x64NuGet | >= 7.0.0, < 7.0.19 | 7.0.19 |
Microsoft.NETCore.App.Runtime.osx-x64NuGet | >= 8.0.0, < 8.0.5 | 8.0.5 |
Microsoft.NETCore.App.Runtime.win-armNuGet | >= 7.0.0, < 7.0.19 | 7.0.19 |
Microsoft.NETCore.App.Runtime.win-armNuGet | >= 8.0.0, < 8.0.5 | 8.0.5 |
Microsoft.NETCore.App.Runtime.win-arm64NuGet | >= 7.0.0, < 7.0.19 | 7.0.19 |
Microsoft.NETCore.App.Runtime.win-arm64NuGet | >= 8.0.0, < 8.0.5 | 8.0.5 |
Microsoft.NETCore.App.Runtime.win-x64NuGet | >= 7.0.0, < 7.0.19 | 7.0.19 |
Microsoft.NETCore.App.Runtime.win-x64NuGet | >= 8.0.0, < 8.0.5 | 8.0.5 |
Microsoft.NETCore.App.Runtime.win-x86NuGet | >= 7.0.0, < 7.0.19 | 7.0.19 |
Microsoft.NETCore.App.Runtime.win-x86NuGet | >= 8.0.0, < 8.0.5 | 8.0.5 |
Microsoft.NETCore.App.Runtime.linux-musl-armNuGet | >= 8.0.0, < 8.0.5 | 8.0.5 |
Microsoft.NETCore.App.Runtime.linux-musl-arm64NuGet | >= 7.0.0, < 7.0.19 | 7.0.19 |
Affected products
46- osv-coords39 versionspkg:bitnami/dotnetpkg:bitnami/dotnet-sdkpkg:bitnami/powershellpkg:nuget/microsoft.netcore.app.runtime.linux-armpkg:nuget/microsoft.netcore.app.runtime.linux-arm64pkg:nuget/microsoft.netcore.app.runtime.linux-musl-armpkg:nuget/microsoft.netcore.app.runtime.linux-musl-arm64pkg:nuget/microsoft.netcore.app.runtime.linux-musl-x64pkg:nuget/microsoft.netcore.app.runtime.linux-x64pkg:nuget/microsoft.netcore.app.runtime.osx-arm64pkg:nuget/microsoft.netcore.app.runtime.osx-x64pkg:nuget/microsoft.netcore.app.runtime.win-armpkg:nuget/microsoft.netcore.app.runtime.win-arm64pkg:nuget/microsoft.netcore.app.runtime.win-x64pkg:nuget/microsoft.netcore.app.runtime.win-x86pkg:rpm/almalinux/aspnetcore-runtime-7.0pkg:rpm/almalinux/aspnetcore-runtime-8.0pkg:rpm/almalinux/aspnetcore-runtime-dbg-8.0pkg:rpm/almalinux/aspnetcore-targeting-pack-7.0pkg:rpm/almalinux/aspnetcore-targeting-pack-8.0pkg:rpm/almalinux/dotnetpkg:rpm/almalinux/dotnet-apphost-pack-7.0pkg:rpm/almalinux/dotnet-apphost-pack-8.0pkg:rpm/almalinux/dotnet-hostpkg:rpm/almalinux/dotnet-hostfxr-7.0pkg:rpm/almalinux/dotnet-hostfxr-8.0pkg:rpm/almalinux/dotnet-runtime-7.0pkg:rpm/almalinux/dotnet-runtime-8.0pkg:rpm/almalinux/dotnet-runtime-dbg-8.0pkg:rpm/almalinux/dotnet-sdk-7.0pkg:rpm/almalinux/dotnet-sdk-7.0-source-built-artifactspkg:rpm/almalinux/dotnet-sdk-8.0pkg:rpm/almalinux/dotnet-sdk-8.0-source-built-artifactspkg:rpm/almalinux/dotnet-sdk-dbg-8.0pkg:rpm/almalinux/dotnet-targeting-pack-7.0pkg:rpm/almalinux/dotnet-targeting-pack-8.0pkg:rpm/almalinux/dotnet-templates-7.0pkg:rpm/almalinux/dotnet-templates-8.0pkg:rpm/almalinux/netstandard-targeting-pack-2.1
>= 7.0.0, < 7.0.19+ 38 more
- (no CPE)range: >= 7.0.0, < 7.0.19
- (no CPE)range: >= 7.0.0, < 7.0.19
- (no CPE)range: >= 7.4.0, < 7.4.3
- (no CPE)range: >= 7.0.0, < 7.0.19
- (no CPE)range: >= 7.0.0, < 7.0.19
- (no CPE)range: >= 7.0.0, < 7.0.19
- (no CPE)range: >= 8.0.0, < 8.0.5
- (no CPE)range: >= 7.0.0, < 7.0.19
- (no CPE)range: >= 7.0.0, < 7.0.19
- (no CPE)range: >= 7.0.0, < 7.0.19
- (no CPE)range: >= 7.0.0, < 7.0.19
- (no CPE)range: >= 7.0.0, < 7.0.19
- (no CPE)range: >= 7.0.0, < 7.0.19
- (no CPE)range: >= 7.0.0, < 7.0.19
- (no CPE)range: >= 7.0.0, < 7.0.19
- (no CPE)range: < 7.0.19-1.el9_4
- (no CPE)range: < 8.0.5-1.el9_4
- (no CPE)range: < 8.0.5-1.el9_4
- (no CPE)range: < 7.0.19-1.el9_4
- (no CPE)range: < 8.0.5-1.el9_4
- (no CPE)range: < 8.0.105-1.el8_10
- (no CPE)range: < 7.0.19-1.el9_4
- (no CPE)range: < 8.0.5-1.el9_4
- (no CPE)range: < 8.0.5-1.el9_4
- (no CPE)range: < 7.0.19-1.el9_4
- (no CPE)range: < 8.0.5-1.el9_4
- (no CPE)range: < 7.0.19-1.el9_4
- (no CPE)range: < 8.0.5-1.el9_4
- (no CPE)range: < 8.0.5-1.el9_4
- (no CPE)range: < 7.0.119-1.el9_4
- (no CPE)range: < 7.0.119-1.el9_4
- (no CPE)range: < 8.0.105-1.el9_4
- (no CPE)range: < 8.0.105-1.el9_4
- (no CPE)range: < 8.0.105-1.el9_4
- (no CPE)range: < 7.0.19-1.el9_4
- (no CPE)range: < 8.0.5-1.el9_4
- (no CPE)range: < 7.0.119-1.el9_4
- (no CPE)range: < 8.0.105-1.el9_4
- (no CPE)range: < 8.0.105-1.el9_4
- Microsoft/Microsoft Visual Studio 2022 version 17.4v5Range: 17.4.0
- Microsoft/Microsoft Visual Studio 2022 version 17.6v5Range: 17.6.0
- Microsoft/Microsoft Visual Studio 2022 version 17.8v5Range: 17.8.0
- Microsoft/Microsoft Visual Studio 2022 version 17.9v5Range: 17.0
- Microsoft/.NET 7.0v5Range: 7.0.0
- Microsoft/.NET 8.0v5Range: 8.0
- Microsoft/PowerShell 7.4v5Range: 7.4.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/advisories/GHSA-7fcr-8qw6-92frghsaADVISORY
- msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30045ghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-30045ghsaADVISORY
- github.com/dotnet/announcements/issues/307ghsaWEB
- github.com/dotnet/runtime/issues/102206ghsaWEB
- github.com/dotnet/runtime/security/advisories/GHSA-7fcr-8qw6-92frghsaWEB
- security.netapp.com/advisory/ntap-20241122-0001ghsaWEB
News mentions
0No linked articles in our index yet.