Skip to main content

Net CVE-2022-24464

HIGH
Uncontrolled Resource Consumption (CWE-400)
2022-03-09 secure@microsoft.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 09, 2022 - 17:15 cve.org
HIGH 7.5

DescriptionCVE.org

.NET and Visual Studio Denial of Service Vulnerability

AnalysisAI

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Technical ContextAI

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. Affected products include: Microsoft .Net, Microsoft .Net Core, Microsoft Visual Studio 2019, Microsoft Visual Studio 2022, Fedoraproject Fedora.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

More in Net

View all
CVE-2026-33811 HIGH POC
7.5 May 07

Memory corruption in Go's net library (versions <1.25.10 and 1.26.0-1.26.2) leads to application crash when parsing mali

CVE-2018-17848 HIGH POC
7.5 Oct 01

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "

CVE-2018-17847 HIGH POC
7.5 Oct 01

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading

CVE-2018-17143 HIGH POC
7.5 Sep 17

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a

CVE-2018-17142 HIGH POC
7.5 Sep 17

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "pani

CVE-2018-17075 HIGH POC
7.5 Sep 16

The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic:

CVE-2026-45491 MEDIUM POC
5.5 Jun 09

Local file tampering via symlink/junction following in Microsoft .NET runtimes 8.0, 9.0, and 10.0 allows a local unauthe

CVE-2024-43498 CRITICAL
9.8 Nov 12

.NET and Visual Studio Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is re

CVE-2023-36049 CRITICAL
9.8 Nov 14

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this v

CVE-2024-57854 CRITICAL
9.1 Mar 05

Weak PRNG in Net::NSCA::Client through 0.009002 for Perl. Patch available.

CVE-2026-11373 CRITICAL
9.1 Jun 22

Metric injection in the Perl module Net::Statsite::Client through version 1.1.0 allows attackers controlling metric name

CVE-2026-45591 HIGH
7.5 Jun 09

Remote denial of service in ASP.NET Core enables unauthenticated network attackers to exhaust server resources and disru

Share

CVE-2022-24464 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy