Aspnetcore Odata
Monthly
Denial of service in Microsoft's OData libraries for ASP.NET/ASP.NET Core (Microsoft.AspNet.OData and Microsoft.AspNetCore.OData) allows a remote, unauthenticated attacker to exhaust server resources over the network, degrading or crashing the hosting web application (CVSS 7.5, availability-only impact). The flaw stems from resource allocation without limits or throttling (CWE-770), so a crafted request stream forces excessive consumption of CPU, memory, or connections. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Uncontrolled resource allocation in Microsoft's ASP.NET Core OData libraries (Microsoft.AspNetCore.OData and Microsoft.AspNet.OData) lets a remote, unauthenticated attacker exhaust server resources and cause a denial of service over the network. Any web application or API exposing OData query endpoints built on the affected packages is at risk, and the CVSS 7.5 rating reflects a high-availability impact with no confidentiality or integrity compromise. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
Denial of service in Microsoft's OData libraries for ASP.NET/ASP.NET Core (Microsoft.AspNet.OData and Microsoft.AspNetCore.OData) allows a remote, unauthenticated attacker to exhaust server resources over the network, degrading or crashing the hosting web application (CVSS 7.5, availability-only impact). The flaw stems from resource allocation without limits or throttling (CWE-770), so a crafted request stream forces excessive consumption of CPU, memory, or connections. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Uncontrolled resource allocation in Microsoft's ASP.NET Core OData libraries (Microsoft.AspNetCore.OData and Microsoft.AspNet.OData) lets a remote, unauthenticated attacker exhaust server resources and cause a denial of service over the network. Any web application or API exposing OData query endpoints built on the affected packages is at risk, and the CVSS 7.5 rating reflects a high-availability impact with no confidentiality or integrity compromise. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.