CVE-2024-38081

CVE-2024-38081

Name

CVE-2024-38081

Description

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
vendor-advisory	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081

Type

URI

vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:microsoft:visual_studio_2022:17.4:::::::*`	visual-studio-2022	>= 17.4.0	< 17.4.21
`cpe:2.3:a:microsoft:visual_studio:2022:::::::*`	visual-studio	>= 17.6.0	< 17.6.17
`cpe:2.3:a:microsoft:visual_studio:2022:::::::*`	visual-studio	>= 17.8.0	< 17.8.12
`cpe:2.3:a:microsoft:.net:8.0.0:::::::*`	.net	>= 1.0.0	< 8.0.7
`cpe:2.3:a:microsoft:.net:4.7.2:::::::*`	.net	>= 4.7.0	< 4.7.4101.02
`cpe:2.3:a:microsoft:.net:4.7.2:::::::*`	.net	>= 4.7.0	< 4.7.4101.01
`cpe:2.3:a:microsoft:.net:4.8.1:::::::*`	.net	>= 4.8.1	< 4.8.1.9256.03
`cpe:2.3:a:microsoft:.net:4.8.1:::::::*`	.net	>= 4.8.1	< 4.8.9256.03
`cpe:2.3:a:microsoft:.net:4.6.2:::::::*`	.net	>= 4.7.0	< 4.7.4101.01
`cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*`	.net-framework	>= 10.0.0.0	< 10.0.10240.20710
`cpe:2.3:a:microsoft:.net:2.0:sp2::::::`	.net	>= 2.0.0	< 2.0.50727.8977
`cpe:2.3:a:microsoft:.net:3.0:sp2::::::`	.net	>= 3.0.0	< 2.0.50727.8977
`cpe:2.3:a:microsoft:.net:3.5:::::::*`	.net	>= 3.5.0	< 3.5.30729.8972
`cpe:2.3:a:microsoft:.net:3.5:::::::*`	.net	>= 3.5.0	< 3.5.30729.8971
`cpe:2.3:a:microsoft:.net:3.5:::::::*`	.net	>= 3.5.0	< 3.5.4101.04
`cpe:2.3:a:microsoft:.net:3.5.1:::::::*`	.net	>= 3.5.0	< 3.5.30729.8971
`cpe:2.3:a:microsoft:.net:4.8:::::::*`	.net	>= 4.8.0	< 4.8.04739.02
`cpe:2.3:a:microsoft:.net:4.8:::::::*`	.net	>= 4.8.0	< 4.8.4739.02
`cpe:2.3:a:microsoft:.net:4.8:::::::*`	.net	>= 4.8.0	< 4.8.4739.03
`cpe:2.3:a:microsoft:.net:4.8:::::::*`	.net	>= 4.8.0	< 4.8.4739.04
`cpe:2.3:a:microsoft:.net:4.7.2:::::::*`	.net	>= 4.7.0	< 4.7.2.4101.03
`cpe:2.3:a:microsoft:.net:4.7.2:::::::*`	.net	>= 4.7.0	< 10.0.14393.7159
`cpe:2.3:a:microsoft:.net:4.7.2:::::::*`	.net	>= 4.7.0	< 10.0.10240.20710

CPE URI

Source package

Min version

Max version

cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*

visual-studio-2022

>= 17.4.0

< 17.4.21

cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*

visual-studio

>= 17.6.0

< 17.6.17

cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*

visual-studio

>= 17.8.0

< 17.8.12

cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*

.net

>= 1.0.0

< 8.0.7

cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*

.net

>= 4.7.0

< 4.7.4101.02

cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*

.net

>= 4.7.0

< 4.7.4101.01

cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*

.net

>= 4.8.1

< 4.8.1.9256.03

cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*

.net

>= 4.8.1

< 4.8.9256.03

cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*

.net

>= 4.7.0

< 4.7.4101.01

cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*

.net-framework

>= 10.0.0.0

< 10.0.10240.20710

cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*

.net

>= 2.0.0

< 2.0.50727.8977

cpe:2.3:a:microsoft:.net:3.0:sp2:*:*:*:*:*:*

.net

>= 3.0.0

< 2.0.50727.8977

cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*

.net

>= 3.5.0

< 3.5.30729.8972

cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*

.net

>= 3.5.0

< 3.5.30729.8971

cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*

.net

>= 3.5.0

< 3.5.4101.04

cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*

.net

>= 3.5.0

< 3.5.30729.8971

cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*

.net

>= 4.8.0

< 4.8.04739.02

cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*

.net

>= 4.8.0

< 4.8.4739.02

cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*

.net

>= 4.8.0

< 4.8.4739.03

cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*

.net

>= 4.8.0

< 4.8.4739.04

cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*

.net

>= 4.7.0

< 4.7.2.4101.03

cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*

.net

>= 4.7.0

< 10.0.14393.7159

cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*

.net

>= 4.7.0

< 10.0.10240.20710

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
dotnet6-runtime	edge-community	6.0.32-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet6-runtime	3.20-community	6.0.32-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet6-build	edge-community	6.0.132-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet6-build	3.20-community	6.0.132-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed

Source package

Branch

Version

Maintainer

Status

dotnet6-runtime

edge-community

6.0.32-r0

Antoine Martin (ayakael) <dev@ayakael.net>

fixed

dotnet6-runtime

3.20-community