Vulnérabilité de déni de service dans .NET Framework
Date de publication : 12 avr. 2022
Dernière mise à jour : 24 juin 2024
- Assigning CNA
- Microsoft
- CVE.org link
- CVE-2022-26832
- Impact
- Déni de service
- Gravité max.
- Important
- CVSS Source
- Microsoft
- Chaîne vectorielle
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
- Metrics
- CVSS:3.1 7.5 / 6.5Métriques de score de base : 7.5 / Métriques de score temporel : 6.5
Vecteur d’attaque
Réseau
Complexité d’attaque
Faible
Privilèges requis
Aucune
Intervention de l’utilisateur
Aucune
Étendue
Non modifié
Confidentialité
Aucune
Intégrité
Aucune
Disponibilité
Élevé
Maturité de code malveillant
Sans preuve
Niveau de correction
Correctif officiel
Fiabilité du rapport
Confirmé
Pour plus d’informations sur la définition de ces métriques, consultez la page Common Vulnerability Scoring System.
Exploitabilité
Le tableau ci-dessous fournit une évaluation d’exploitabilité pour cette vulnérabilité lors de la publication initiale.
- Publicly disclosed
- No
- Exploited
- No
- Exploitability assessment
- Exploitation moins probable
Remerciements
- Orange Tsai (@orange_8361) with DEVCORE
Mises à jour de sécurité
Consultez le site web Politique de support Microsoft pour connaître la politique de support correspondant à votre logiciel.
- 10.0.14393.5066
- 10.0.14393.5066
- 10.0.14393.5066
- 10.0.14393.5066
- 4.7.3930.02
- 4.7.3930.02
- 4.8.4494.03
- 4.8.4494.03
- 4.8.4494.03
- 4.8.4494.03
- 4.8.4494.03
- 4.8.4494.03
- 2.0.50727.8962
- 2.0.50727.8962
- 2.0.50727.8962
- 2.0.50727.8962
- -
- 2.0.50727.8962
- Monthly Rollup
- Security Only
- -
- 2.0.50727.8962
- 2.0.50727.8962
- 2.0.50727.8962
- 2.0.50727.8962
- 2.0.50727.8962
- 2.0.50727.8962
- 2.0.50727.8962
- 4.7.03930.02
- 4.7.3930.01
- 2.0.50727.8962
- 2.0.50727.8962
- 4.0.52732.36732
- 4.7.3930.01
- 4.7.3930.02
- 4.7.3930.02
- 4.7.3930.02
- 4.8.4494.03
- 4.8.4494.03
- 4.8.4494.03
- 4.8.4494.03
- 4.8.4494.03
- 4.8.4494.03
- 4.8.04494.03
- 4.8.4494.01
- 4.8.04494.03
- 4.8.4494.01
- 4.8.4494.03
- 4.0.52730.36730
- 4.0.52730.3673
- 4.8.4494.03
- 4.8.04494.03
- 4.8.4494.01
- 4.7.03930.02
- 4.7.3930.01
- 52732.36732
- 4.0.52734.36734
- 4.8.4494.03
Clause d’exclusion de responsabilité
Révisions
Updated the build numbers. This is an informational update only.
To comprehensively address this vulnerability, Microsoft has released Monthly Rollup KB5016268 for .NET Framework 3.5 installed on Windows 8.1 and Windows Server 2012 R2. Microsoft strongly recommends that customers install the update to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
In the Security Updates table, added .NET Framework 4.6.2/4.7/4.7.1/4.7.2 installed on Windows 10 version 1607, Windows Server 2016, and Windows Server 2016 (Server Core installation) as these versions of Window 10 and Windows Server with .NET Framework 4.6.2/4.7/4.7.1/4.7.2 installed are affected by this vulnerability. Customers running these versions of .NET Framework should install the April 2022 security updates to be protected from this vulnerability.
In the Security Updates table, added .NET Framework 4.8 installed on Windows Server 2016 and Windows Server 2016 (Server Core installation), .NET Framework 3.5 and 4.7.2 intalled on Windows Server 2019 and Windows Server 2019 (Server Core installation), and .NET Framework 3.5 and 4.8 installed on Windows Server 2019 and Windows Server 2019 (Server Core installation) as these versions of Windows Server with these versions of .NET Framework installed are affected by this vulnerability. Customers running these versions of .NET Framework should install the April 2022 security updates to be protected from this vulnerability.
Information published.