CVE-2023-36794 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
microsoft	CNA	7.8 HIGH				CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 77%

Affected Products (NVD)

Vendor	Product	Version
microsoft	.net_framework	3.5.1
microsoft	.net_framework	3.5
microsoft	.net_framework	2.0:sp2
microsoft	.net_framework	3.0:sp2
microsoft	.net_framework	4.6.2
microsoft	.net_framework	3.5
microsoft	.net_framework	4.8
microsoft	.net_framework	3.5
microsoft	.net_framework	4.8.1
microsoft	.net_framework	4.8
microsoft	.net_framework	3.5
microsoft	.net_framework	4.7.2
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.7
microsoft	.net_framework	4.7.1
microsoft	.net_framework	4.7.2
microsoft	.net	6.0.0
microsoft	.net	7.0.0
microsoft	visual_studio_2017	15.0 ≤ 𝑥 < 15.9.57
microsoft	visual_studio_2019	16.0 ≤ 𝑥 < 16.11.30
microsoft	visual_studio_2022	17.2 ≤ 𝑥 < 17.2.19
microsoft	visual_studio_2022	17.4 ≤ 𝑥 < 17.4.11
microsoft	visual_studio_2022	17.7 ≤ 𝑥 < 17.7.4

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

(x64, x86)	KB5030220
1607 (x64, x86)	KB5029924
1607 (x64, x86)	KB5030213
1809 (arm64, x64, x64, x86, x86)	KB5030178
21H2 (arm64, arm64, x64, x64, x86, x86)	KB5030179
22H2 (arm64, arm64, x64, x64, x86, x86)	KB5030180

Windows 11

21H2 (arm64, arm64, x64, x64)	KB5030181
22H2 (arm64, x64)	KB5031217

Windows Server 2008

Service Pack 2 (x64, x64, x86, x86)	KB5030185
Service Pack 2 Server Core (x64, x86)	KB5030185

Windows Server 2008 R2

Service Pack 1 (x64, x64, x64)	KB5030182
Service Pack 1 Server Core (x64, x64, x64)	KB5030182

Windows Server 2012

Server Core	KB5030183
Standard	KB5030183

Windows Server 2012 R2

Server Core	KB5030184
Standard	KB5030184

Windows Server 2016

Server Core	KB5029924
Server Core	KB5030213
Standard	KB5029924
Standard	KB5030213

Windows Server 2019

Server Core	KB5030178
Standard	KB5030178

Windows Server 2022

Server Core	KB5030186
Standard	KB5030186

Ubuntu Releases

Ubuntu Product

Codename

dotnet6

bionic	dne
focal	dne
jammy	not-affected
lunar	not-affected
trusty	dne
xenial	dne

dotnet7

bionic	dne
focal	dne
jammy	not-affected
lunar	not-affected
trusty	dne
xenial	dne

Common Weakness Enumeration

CWE-191 - Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794