v1.2.0.1
kirill-abblix
released this
16 Oct 10:31
·
17 commits
to develop
since this release
🛠 Fixes
- Fixed the Denial of Service vulnerability identified in System.Security.Cryptography.Cose, System.IO.Packaging, and Microsoft.Extensions.Caching.Memory (CVE-2024-43483) (PR#18)
Detailed description
Fixed Denial of Service vulnerability (CVE-2024-43483)
- A high-severity vulnerability in System.Security.Cryptography.Cose, System.IO.Packaging, and Microsoft.Extensions.Caching.Memory was identified. The issue made the system susceptible to hash flooding attacks through hostile input, potentially leading to a Denial of Service (DoS). This vulnerability affects multiple versions of .NET, specifically .NET 6.0, .NET 8.0, and .NET 9.0, and has now been patched.
- Vulnerable versions: .NET 6.0 (<= 6.0.1), .NET 8.0 (<= 8.0.0), .NET 9.0 (<= 9.0.0-rc.1.24431.7)
- Patched versions: .NET 6.0.2, .NET 8.0.1, .NET 9.0.0-rc.2.24473.5
- Developers using affected versions are advised to update to the latest patched versions to mitigate the risk of Denial of Service attacks.