Published: 09/02/2022 Updated: 29/06/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Subscribe to Visual Studio 2019

A vulnerability was found in dotnet’s ASP.NET Core Krestel when pooling HTTP/2 and HTTP/3 headers. This flaw allows a remote, unauthenticated malicious user to cause a denial of service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft visual studio 2019
microsoft .net
microsoft visual studio 2022
fedoraproject fedora 34
fedoraproject fedora 35

A vulnerability was found in dotnet’s ASPNET Core Krestel when pooling HTTP/2 and HTTP/3 headers This flaw allows a remote, unauthenticated attacker to cause a denial of service ...

Update global.json files with the latest SDK version

dotnet-sdk-updater Update globaljson files with the latest SDK version Usage - uses: xt0rted/dotnet-sdk-updater Inputs Name Description Default dry-run Checks if an update is available but doesn't update the file false file-location The location of the globaljson to check / Outputs Name Description Example

NVD-CWE-noinfo https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21986 https://nvd.nist.gov https://github.com/xt0rted/dotnet-sdk-updater https://access.redhat.com/security/cve/cve-2022-21986

CVE-2022-21986

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect