Vulnérabilité de déni de service dans .NET Framework
Date de publication : 10 mai 2022
Dernière mise à jour : 15 déc. 2022
- Assigning CNA
- Microsoft
- CVE.org link
- CVE-2022-30130
- Impact
- Déni de service
- Gravité max.
- Faible
- CVSS Source
- Microsoft
- Chaîne vectorielle
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
- Metrics
- CVSS:3.1 3.3 / 2.9Métriques de score de base : 3.3 / Métriques de score temporel : 2.9
Vecteur d’attaque
Locale
Complexité d’attaque
Faible
Privilèges requis
Aucune
Intervention de l’utilisateur
Requise
Étendue
Non modifié
Confidentialité
Aucune
Intégrité
Aucune
Disponibilité
Faible
Maturité de code malveillant
Sans preuve
Niveau de correction
Correctif officiel
Fiabilité du rapport
Confirmé
Pour plus d’informations sur la définition de ces métriques, consultez la page Common Vulnerability Scoring System.
Exploitabilité
Le tableau ci-dessous fournit une évaluation d’exploitabilité pour cette vulnérabilité lors de la publication initiale.
- Publicly disclosed
- No
- Exploited
- No
- Exploitability assessment
- Exploitation moins probable
Remerciements
- Eran Zimmerman Gonen with Accenture Security Israel
- Eran Zimmerman Gonen with Accenture Security Israel
Mises à jour de sécurité
Consultez le site web Politique de support Microsoft pour connaître la politique de support correspondant à votre logiciel.
- 10.0.10240.19624
- 10.0.10240.19624
- 4.7.03946.07
- 4.7.03946.05
- 4.7.03946.07
- 4.7.03946.05
- 4.7.03946.02
- 4.7.03946.03
- 4.7.03946.02
- 4.7.03946.03
- 4.7.03946.02
- 4.7.03946.03
- 4.7.03946.02
- 4.7.03946.03
- 4.7.03946.07
- 4.7.03946.05
- 4.7.03946.07
- 4.7.03946.05
- Monthly Rollup
- 4.7.03946.02
- 4.7.03946.02
- 4.7.03946.03
- 4.7.03946.02
- 4.7.03946.03
- 4.7.03946.07
- 4.7.03946.05
- 4.7.03946.07
- 4.7.03946.05
Clause d’exclusion de responsabilité
Révisions
The following revisions have been made: 1) Added .NET Framework 3.5 and 4.6/4.6.2 installed on Windows 10 for 32-bit Systems and Windows 10 for x65-based Systems as .NET 4.6 installed on Windows 10 is supported. 2) Removed .NET Framework 3.5 and 4.6.2 installed on Windows 10 for 32-bit Systems and Windows 10 for x65-based Systems. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
In the Security Updates table made the following revisions: 1) Added .NET Framework 3.5 and 4.6.2 installed on Windows 10 for 32-bit Systems and Windows 10 for x65-based Systems as they are affected by this vulnerability. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. 2) Removed .NET Framework 4.6 and .NET Framework 4.6.1 installed on supported editions of Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 as these versions of .NET Framework are no longer supported.
To comprehensively address this vulnerability, Microsoft has released Monthly Rollup KB5016268 for .NET Framework 3.5 installed on Windows 8.1 and Windows Server 2012 R2. Microsoft strongly recommends that customers install the update to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
Information published.