CVE-2023-21808 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
microsoft	CNA	7.8 HIGH				CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 79%

Affected Products (NVD)

Vendor	Product	Version
microsoft	.net	6.0.0
microsoft	.net	7.0.0
microsoft	visual_studio_2017	15.0 ≤ 𝑥 < 15.9.51
microsoft	visual_studio_2019	16.0 ≤ 𝑥 < 16.11.24
microsoft	visual_studio_2022	17.0
microsoft	visual_studio_2022	17.2
microsoft	visual_studio_2022	17.4
microsoft	.net_framework	3.5
microsoft	.net_framework	4.8
microsoft	.net_framework	3.5
microsoft	.net_framework	4.7.2
microsoft	.net_framework	3.5
microsoft	.net_framework	4.8.1
microsoft	.net_framework	4.8
microsoft	.net_framework	3.5
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.6.2
microsoft	.net_framework	3.5
microsoft	.net_framework	4.8.1
microsoft	.net_framework	4.8
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.7
microsoft	.net_framework	4.7.1
microsoft	.net_framework	4.7.2

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

(x64, x86)	KB5022858
1607 (x64, x86)	KB5022838
1607 (x64, x86)	KB5022503
1809 (arm64, x64, x64, x86, x86)	KB5022782
20H2 (arm64, arm64, x86, x86)	KB5022727
21H2 (arm64, arm64, x64, x64, x86, x86)	KB5022728
22H2 (arm64, arm64, x64, x64, x86, x86)	KB5022729

Windows 11

21H2 (arm64, arm64, x64, x64)	KB5022730
22H2 (arm64, x64)	KB5022497

Windows Server 2008

Service Pack 2 (x64, x86)	KB5022786
Service Pack 2 Server Core (x64, x86)	KB5022786

Windows Server 2008 R2

Service Pack 1 (x64, x64)	KB5022783
Service Pack 1 Server Core (x64, x64)	KB5022783

Windows Server 2012

Server Core	KB5022784
Standard	KB5022784

Windows Server 2012 R2

Server Core	KB5022785
Standard	KB5022785

Windows Server 2016

Server Core	KB5022838
Server Core	KB5022503
Standard	KB5022838
Standard	KB5022503

Windows Server 2019

Server Core	KB5022782
Standard	KB5022782

Windows Server 2022

Server Core	KB5022735
Standard	KB5022735

Ubuntu Releases

Ubuntu Product

Codename

dotnet6

bionic	dne
focal	dne
jammy	not-affected
kinetic	not-affected
lunar	not-affected
trusty	dne
xenial	dne

dotnet7

bionic	dne
focal	dne
jammy	not-affected
kinetic	not-affected
lunar	not-affected
trusty	dne
xenial	dne

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808