CVE-2024-26190

Published: Mar 12, 2024Modified: Dec 27, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: secure@microsoft.com (Secondary)

Description

Microsoft QUIC Denial of Service Vulnerability

Affected (13)

Products: Microsoft: .net, Powershell, Visual Studio 2022, Windows 11 21h2, Windows 11 22h2, Windows 11 23h2, Windows Server 2022, Windows Server 2022 23h2

8 products

Visual Studio 2022

Windows 11 21h2

Windows 11 22h2

Windows 11 23h2

Windows Server 2022

Windows Server 2022 23h2

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Microsoft .net	From 7.0.0 to 7.0.17
Microsoft .net	From 8.0.0 to 8.0.3
Microsoft Powershell	From 7.3 to 7.3.12
Microsoft Powershell	From 7.4 to 7.4.2
Microsoft Visual Studio 2022	From 17.4.0 to 17.4.17
Microsoft Visual Studio 2022	From 17.6.0 to 17.6.13
Microsoft Visual Studio 2022	From 17.8.0 to 17.8.8
Microsoft Visual Studio 2022	From 17.9.0 to 17.9.3
Microsoft Windows 11 21h2	Before 10.0.22000.2836
Microsoft Windows 11 22h2	Before 10.0.22621.3296
Microsoft Windows 11 23h2	Before 10.0.22631.3296
Microsoft Windows Server 2022	Before 10.0.20348.2340
Microsoft Windows Server 2022 23h2	Before 10.0.25398.763

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190

Source: secure@microsoft.com

Vendor Advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.