Bug 2083647 (CVE-2022-29117) - CVE-2022-29117 dotnet: malicious content causes high CPU and memory usage
Summary: CVE-2022-29117 dotnet: malicious content causes high CPU and memory usage
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-29117
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2083680 2083681 2083682 2083683 2083684 2083685 2083686 2083687 2083688 2083689 2083690
Blocks: 2082718
TreeView+ depends on / blocked
 
Reported: 2022-05-10 14:20 UTC by Patrick Del Bello
Modified: 2022-05-18 05:45 UTC (History)
8 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2022-05-18 05:45:09 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:2220 0 None None None 2022-05-11 20:30:23 UTC
Red Hat Product Errata RHBA-2022:2224 0 None None None 2022-05-11 21:32:45 UTC
Red Hat Product Errata RHSA-2022:2194 0 None None None 2022-05-11 18:08:54 UTC
Red Hat Product Errata RHSA-2022:2195 0 None None None 2022-05-11 17:55:25 UTC
Red Hat Product Errata RHSA-2022:2196 0 None None None 2022-05-11 18:21:08 UTC
Red Hat Product Errata RHSA-2022:2199 0 None None None 2022-05-11 18:19:02 UTC
Red Hat Product Errata RHSA-2022:2200 0 None None None 2022-05-11 18:05:52 UTC
Red Hat Product Errata RHSA-2022:2202 0 None None None 2022-05-11 18:41:39 UTC
Red Hat Product Errata RHSA-2022:4588 0 None None None 2022-05-18 01:25:47 UTC

Description Patrick Del Bello 2022-05-10 14:20:21 UTC 
A malicious client can send MyCookie=chunks-2147483647 without the actual cookie chunks and cause large allocations, exceptions and excess CPU utilization on the server when it tried to read or delete that many chunks. Affected .NET versions: 6.0, 5.0, 3.1
Comment 2 errata-xmlrpc 2022-05-11 17:55:22 UTC 
This issue has been addressed in the following products:

  .NET Core on Red Hat Enterprise Linux

Via RHSA-2022:2195 https://access.redhat.com/errata/RHSA-2022:2195
Comment 3 errata-xmlrpc 2022-05-11 18:05:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:2200 https://access.redhat.com/errata/RHSA-2022:2200
Comment 4 errata-xmlrpc 2022-05-11 18:08:52 UTC 
This issue has been addressed in the following products:

  .NET Core on Red Hat Enterprise Linux

Via RHSA-2022:2194 https://access.redhat.com/errata/RHSA-2022:2194
Comment 5 errata-xmlrpc 2022-05-11 18:19:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:2199 https://access.redhat.com/errata/RHSA-2022:2199
Comment 6 errata-xmlrpc 2022-05-11 18:21:06 UTC 
This issue has been addressed in the following products:

  .NET Core on Red Hat Enterprise Linux

Via RHSA-2022:2196 https://access.redhat.com/errata/RHSA-2022:2196
Comment 7 errata-xmlrpc 2022-05-11 18:41:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:2202 https://access.redhat.com/errata/RHSA-2022:2202
Comment 8 errata-xmlrpc 2022-05-18 01:25:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4588 https://access.redhat.com/errata/RHSA-2022:4588
Comment 9 Product Security DevOps Team 2022-05-18 05:45:07 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-29117
Note You need to log in before you can comment on or make changes to this bug.