Critical severityNVD Advisory· Published Nov 12, 2024· Updated Jul 8, 2025
.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-43498
Description
.NET and Visual Studio Remote Code Execution Vulnerability
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
System.Formats.NrbfNuGet | < 9.0.0 | 9.0.0 |
Affected products
49- osv-coords43 versionspkg:apk/chainguard/aspnet-9-runtimepkg:apk/chainguard/aspnet-9-runtime-defaultpkg:apk/chainguard/aspnet-9-targeting-packpkg:apk/chainguard/dotnet-9pkg:apk/chainguard/dotnet-9-aotpkg:apk/chainguard/dotnet-9-runtimepkg:apk/chainguard/dotnet-9-runtime-defaultpkg:apk/chainguard/dotnet-9-sdkpkg:apk/chainguard/dotnet-9-sdk-defaultpkg:apk/chainguard/dotnet-9-targeting-packpkg:apk/chainguard/dotnet-bootstrap-9pkg:apk/chainguard/netstandard-9-targeting-packpkg:apk/wolfi/aspnet-9-runtimepkg:apk/wolfi/aspnet-9-runtime-defaultpkg:apk/wolfi/aspnet-9-targeting-packpkg:apk/wolfi/dotnet-9pkg:apk/wolfi/dotnet-9-aotpkg:apk/wolfi/dotnet-9-runtimepkg:apk/wolfi/dotnet-9-runtime-defaultpkg:apk/wolfi/dotnet-9-sdkpkg:apk/wolfi/dotnet-9-sdk-defaultpkg:apk/wolfi/dotnet-9-targeting-packpkg:apk/wolfi/dotnet-bootstrap-9pkg:apk/wolfi/netstandard-9-targeting-packpkg:bitnami/dotnetpkg:bitnami/dotnet-sdkpkg:deb/ubuntu/dotnet9@9.0.100-9.0.0-0ubuntu1~24.10.1?arch=source&distro=oracularpkg:nuget/system.formats.nrbfpkg:rpm/almalinux/aspnetcore-runtime-9.0pkg:rpm/almalinux/aspnetcore-runtime-dbg-9.0pkg:rpm/almalinux/aspnetcore-targeting-pack-9.0pkg:rpm/almalinux/dotnet-apphost-pack-9.0pkg:rpm/almalinux/dotnet-hostpkg:rpm/almalinux/dotnet-hostfxr-9.0pkg:rpm/almalinux/dotnet-runtime-9.0pkg:rpm/almalinux/dotnet-runtime-dbg-9.0pkg:rpm/almalinux/dotnet-sdk-9.0pkg:rpm/almalinux/dotnet-sdk-9.0-source-built-artifactspkg:rpm/almalinux/dotnet-sdk-aot-9.0pkg:rpm/almalinux/dotnet-sdk-dbg-9.0pkg:rpm/almalinux/dotnet-targeting-pack-9.0pkg:rpm/almalinux/dotnet-templates-9.0pkg:rpm/almalinux/netstandard-targeting-pack-2.1
< 9.0.2-r0+ 42 more
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.200-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: < 9.0.200-r0
- (no CPE)range: < 9.0.2-r0
- (no CPE)range: >= 9.0.0, < 9.0.1
- (no CPE)range: >= 9.0.0, < 9.0.1
- (no CPE)range: < 9.0.100-9.0.0-0ubuntu1~24.10.1
- (no CPE)range: < 9.0.0
- (no CPE)range: < 9.0.0-1.el9_5
- (no CPE)range: < 9.0.0-1.el9_5
- (no CPE)range: < 9.0.0-1.el9_5
- (no CPE)range: < 9.0.0-1.el9_5
- (no CPE)range: < 9.0.0-1.el9_5
- (no CPE)range: < 9.0.0-1.el9_5
- (no CPE)range: < 9.0.0-1.el9_5
- (no CPE)range: < 9.0.0-1.el9_5
- (no CPE)range: < 9.0.100-1.el9_5
- (no CPE)range: < 9.0.100-1.el9_5
- (no CPE)range: < 9.0.100-1.el9_5
- (no CPE)range: < 9.0.100-1.el9_5
- (no CPE)range: < 9.0.0-1.el9_5
- (no CPE)range: < 9.0.100-1.el9_5
- (no CPE)range: < 9.0.100-1.el9_5
- Microsoft/Microsoft Visual Studio 2022 version 17.10v5Range: 17.10
- Microsoft/Microsoft Visual Studio 2022 version 17.11v5Range: 17.11
- Microsoft/Microsoft Visual Studio 2022 version 17.6v5Range: 17.6.0
- Microsoft/Microsoft Visual Studio 2022 version 17.8v5Range: 17.8.0
- Microsoft/.NET 9.0v5Range: 9.0.0
- Range: 7.5.0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-v7vf-f5q6-m899ghsaADVISORY
- msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498ghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-43498ghsaADVISORY
- github.com/dotnet/runtime/security/advisories/GHSA-v7vf-f5q6-m899ghsaWEB
News mentions
0No linked articles in our index yet.