CVE-2023-38171
HIGH7.5EPSS 8.3%Microsoft QUIC Denial of Service Vulnerability
發布日:2023/10/10修改日:2025/5/20
描述
Microsoft QUIC Denial of Service Vulnerability
受影響套件(4)
- Bitnami/dotnet>= 7.0.0, < 7.0.12
- Bitnami/dotnet-sdk>= 7.0.0, < 7.0.12
- NuGet/Microsoft.Native.Quic.MsQuic.OpenSSLfrom 0, < 2.2.3
- NuGet/Microsoft.Native.Quic.MsQuic.Schannelfrom 0, < 2.2.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-38171
- PATCHhttps://github.com/microsoft/msquic
- WEBhttps://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343
- WEBhttps://github.com/microsoft/msquic/security/advisories/GHSA-xh5m-8qqp-c5x7
- WEBhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171