CVE-2024-21392

.NET and Visual Studio Denial of Service Vulnerability

The product does not properly control the allocation and maintenance of a limited resource.

Name	Vendor	Start Version	End Version
.net	Microsoft	7.0.0 (including)	7.0.17 (excluding)
.net	Microsoft	8.0.0 (including)	8.0.3 (excluding)
Powershell	Microsoft	7.3 (including)	7.3.12 (excluding)
Powershell	Microsoft	7.4 (including)	7.4 (including)
Visual_studio_2022	Microsoft	17.4 (including)	17.4.17 (excluding)
Visual_studio_2022	Microsoft	17.6 (including)	17.6.13 (excluding)
Visual_studio_2022	Microsoft	17.8 (including)	17.8.8 (excluding)
Visual_studio_2022	Microsoft	17.9 (including)	17.9.3 (excluding)
Red Hat Enterprise Linux 8	RedHat	dotnet7.0-0:7.0.117-1.el8_9	*
Red Hat Enterprise Linux 8	RedHat	dotnet8.0-0:8.0.103-1.el8_9	*
Red Hat Enterprise Linux 9	RedHat	dotnet7.0-0:7.0.117-1.el9_3	*
Red Hat Enterprise Linux 9	RedHat	dotnet8.0-0:8.0.103-2.el9_3	*
Dotnet7	Ubuntu	jammy	*
Dotnet7	Ubuntu	mantic	*
Dotnet7	Ubuntu	upstream	*
Dotnet8	Ubuntu	devel	*
Dotnet8	Ubuntu	jammy	*
Dotnet8	Ubuntu	mantic	*
Dotnet8	Ubuntu	upstream	*

Mitigation of resource exhaustion attacks requires that the target system either:
The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
The second solution is simply difficult to effectively institute – and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-21392
CWE	https://cwe.mitre.org/data/definitions/400.html

Uncontrolled Resource Consumption