CVE-2023-21808

CVE-2023-21808

Name

CVE-2023-21808

Description

.NET and Visual Studio Remote Code Execution Vulnerability

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808

Type

URI

MISC

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:microsoft:.net:6.0.0:::::::*`	.net	== None	== 6.0.0
`cpe:2.3:a:microsoft:visual_studio_2022:17.2:::::::*`	visual_studio_2022	== None	== 17.2
`cpe:2.3:a:microsoft:visual_studio_2019::::::::`	visual_studio_2019	>= 16.0	< 16.11.24
`cpe:2.3:a:microsoft:visual_studio_2017::::::::`	visual_studio_2017	>= 15.0	< 15.9.51
`cpe:2.3:a:microsoft:visual_studio_2022:17.0.0:::::::*`	visual_studio_2022	== None	== 17.0.0
`cpe:2.3:a:microsoft:visual_studio_2022:17.4:::::::*`	visual_studio_2022	== None	== 17.4
`cpe:2.3:a:microsoft:.net:7.0.0:::::::*`	.net	== None	== 7.0.0
`cpe:2.3:a:microsoft:visual_studio_2022:17.0:::::::*`	visual_studio_2022	== None	== 17.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*

.net

== None

== 6.0.0

cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*

visual_studio_2022

== None

== 17.2

cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*

visual_studio_2019

>= 16.0

< 16.11.24

cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*

visual_studio_2017

>= 15.0

< 15.9.51

cpe:2.3:a:microsoft:visual_studio_2022:17.0.0:*:*:*:*:*:*:*

visual_studio_2022

== None

== 17.0.0

cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*

visual_studio_2022

== None

== 17.4

cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*

.net

== None

== 7.0.0

cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*

visual_studio_2022

== None

== 17.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
dotnet7-runtime	edge-community	7.0.3-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet7-runtime	3.19-community	7.0.3-r0	None	fixed
dotnet7-runtime	3.18-community	7.0.3-r0	None	fixed
dotnet7-runtime	3.17-community	7.0.3-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet7-build	edge-community	7.0.103-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet7-build	3.19-community	7.0.103-r0	None	fixed
dotnet7-build	3.18-community	7.0.103-r0	None	fixed
dotnet7-build	3.17-community	7.0.103-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet6-runtime	edge-community	6.0.14-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet6-runtime	3.20-community	6.0.14-r0	None	fixed
dotnet6-runtime	3.19-community	6.0.14-r0	None	fixed
dotnet6-runtime	3.18-community	6.0.14-r0	None	fixed
dotnet6-runtime	3.17-community	6.0.14-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet6-build	edge-community	6.0.114-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet6-build	3.20-community	6.0.114-r0	None	fixed
dotnet6-build	3.19-community	6.0.114-r0	None	fixed
dotnet6-build	3.18-community	6.0.114-r0	None	fixed
dotnet6-build	3.17-community	6.0.114-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed

Source package

Branch

Version

Maintainer

Status

dotnet7-runtime

edge-community

7.0.3-r0

Antoine Martin (ayakael) <dev@ayakael.net>

fixed

dotnet7-runtime

3.19-community