Back to bug 2228620
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Patrick Del Bello | 2023-08-02 20:52:22 UTC | CC | security-response-team | |
| Sandipan Roy | 2023-08-08 17:19:25 UTC | Summary | EMBARGOED CVE-2023-38178 dotnet: ASP.NET Kestrel stream flow control leads to Denial of Service | CVE-2023-38178 dotnet: ASP.NET Kestrel stream flow control leads to Denial of Service |
| CC | andrew.slice, bodavis, dbhole, kanderso, lvaleeva, rwagner | |||
| Group | qe_staff, security | |||
| Sandipan Roy | 2023-08-08 17:21:47 UTC | Doc Text | A vulnerability was found in dotnet. This vulnerability exists in .NET Kestrel where a malicious client can bypass QUIC stream limit in HTTP/3 in both ASP.NET and .NET runtimes resulting in denial of service. | |
| Paige Jung | 2023-08-08 18:16:51 UTC | Doc Text | A vulnerability was found in dotnet. This vulnerability exists in .NET Kestrel where a malicious client can bypass QUIC stream limit in HTTP/3 in both ASP.NET and .NET runtimes resulting in denial of service. | A vulnerability was found in .NET Kestrel in dotnet. This issue may allow a malicious client to bypass the QUIC stream limit in both ASP.NET and .NET runtimes in HTTP/3, resulting in denial of service. |
| Paige Jung | 2023-08-08 18:17:06 UTC | Doc Text | A vulnerability was found in .NET Kestrel in dotnet. This issue may allow a malicious client to bypass the QUIC stream limit in both ASP.NET and .NET runtimes in HTTP/3, resulting in denial of service. | A vulnerability was found in .NET Kestrel in dotnet. This issue may allow a malicious client to bypass the QUIC stream limit in both ASP.NET and .NET runtimes in HTTP/3, resulting in a denial of service. |
| Product Security DevOps Team | 2023-08-08 23:00:03 UTC | Resolution | --- | NOTABUG |
| Status | NEW | CLOSED | ||
| Last Closed | 2023-08-08 23:00:03 UTC | |||
| TEJ RATHI | 2023-08-11 05:42:58 UTC | Doc Text | A vulnerability was found in .NET Kestrel in dotnet. This issue may allow a malicious client to bypass the QUIC stream limit in both ASP.NET and .NET runtimes in HTTP/3, resulting in a denial of service. | A vulnerability was found in dotNET in Kestrel component. This issue may allow a malicious client to bypass the QUIC stream limit in both ASP.NET and .NET runtimes in HTTP/3, resulting in a denial of service. |
| Rohit Keshri | 2023-08-11 14:44:53 UTC | Status | CLOSED | NEW |
| Resolution | NOTABUG | --- | ||
| Keywords | Reopened | |||
| Rohit Keshri | 2023-08-11 14:47:46 UTC | Depends On | 2231445 | |
| TEJ RATHI | 2023-08-11 14:53:09 UTC | Depends On | 2231446, 2231447, 2231448, 2231449 | |
| Product Security DevOps Team | 2023-08-14 13:50:13 UTC | Status | NEW | CLOSED |
| Resolution | --- | NOTABUG | ||
| Last Closed | 2023-08-08 23:00:03 UTC | 2023-08-14 13:50:13 UTC |
Back to bug 2228620