CVE-2023-33141 | MSRC Compact Detail

Severity

Important

Impact

Denial of Service

CVSS

7.5 base · 6.7 temporal

Release

2023-06-13

Signals

ASP.NET Denial of Service Exploited: No Publicly disclosed: No Exploitability: Exploitation Less Likely

CWE

CWE-400: Uncontrolled Resource Consumption

Patch Diff

Loading module diff metadata...

Resolved binary override

Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.

Old version New version

Description

No description was published by MSRC.

FAQ / Articles

FAQ

Is the update for YARP 2.0 currently available? The security update for YARP 2.0 is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.

MSRC Fields

Module / Tag

ASP.NET

Release number

2023-Jun

Latest revision

2023-06-22

CNA

Microsoft

Customer action

required

Denial of service

N/A

CVSS Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

References

MSRC

Official detail

CVE Record

CVE.org

Revision History

v1 · 2023-06-13

Information published.

v1.1 · 2023-06-14

FAQ added to explain that the YARP 2.0 is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.

v2 · 2023-06-22

The following revisions have been made in the Security Updates table: 1) Added YARP 1.0 as it is also affected by this vulnerability and an update is available. 2) The security update for YARP 2.0 is now available. Customers running these affected versions of YARP should install the update for their product to be protected from this vulnerability.

CVE-2023-33141 · Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability