Microsoft today released.NET September 2022 updates in the form of.NET 6.0.9 and.NET Core 3.1.29. The major highlight of the new release is a security fix for a.NET Core and Visual Studio stack overflow Denial of Service vulnerability. The security flaw has been assigned the tracking ID "CVE-2022-38013", which has a high severity rating and a Common Vulnerability Scoring System (CVSS) rating of 7.5.
The company claims to be "disciplined."
This security warning is now being released by Microsoft to provide information about a vulnerability in.NET 6 and.NET Core 3.1. This information provides guidance on what developers can do to improve their applications to mitigate this vulnerability.
When an attacker sends a customized payload that is parsed during model binding, a denial of service vulnerability exists in ASP.NET Core 3.1 and.NET 6.0 where a malicious client may result in a stack overflow.
Outside of security fixes, the new releases also feature runtime improvements.
Windows, Mac, and Linux, but.NET 6.0.9 and.NET Core 3.1.29 are available for windows, macOS, and Linux, including x86, x64, Arm32, and Arm64. In terms of Visual Studio compatibility, you''ll need Visual Studio 17.3 or later to use.NET 6.0 on Windows. On macOS, you''ll need the most recent Visual Studio version for Mac.
In the official blog post, you may find more information.