7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-38013

CVE-2022-38013: .NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A denial of service vulnerability exists in ASP.NET Core 3.1 and .NET 6.0 where a malicious client could cause a stack overflow which may result in a denial of service attack when an attacker sends a customized payload that is parsed during model binding.

<a name="affected-software"></a>Affected software

Any .NET 6.0 application running on .NET 6.0.8 or earlier.
Any ASP.NET Core 3.1 application running on .NET Core 3.1.28 or earlier. If your application uses the following package versions, ensure you update to the latest version of .NET.

<a name="ASP.NET Core 3.1"></a>.NET Core 3.1

<a name=".NET 6"></a>.NET 6

Other

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/234 An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/43953 MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-38013

CVE-2022-38013:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
Microsoft.AspNetCore.App.Runtime.linux-arm	nuget	>= 3.1.0, < 3.1.29	3.1.29
Microsoft.AspNetCore.App.Runtime.linux-arm64	nuget	>= 3.1.0, < 3.1.29	3.1.29
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64	nuget	>= 3.1.0, < 3.1.29	3.1.29
Microsoft.AspNetCore.App.Runtime.linux-musl-x64	nuget	>= 3.1.0, < 3.1.29	3.1.29
Microsoft.AspNetCore.App.Runtime.linux-x64	nuget	>= 3.1.0, < 3.1.29	3.1.29
Microsoft.AspNetCore.App.Runtime.osx-x64	nuget	>= 3.1.0, < 3.1.29	3.1.29
Microsoft.AspNetCore.App.Runtime.win-arm	nuget	>= 3.1.0, < 3.1.29	3.1.29
Microsoft.AspNetCore.App.Runtime.win-arm64	nuget	>= 3.1.0, < 3.1.29	3.1.29
Microsoft.AspNetCore.App.Runtime.win-x64	nuget	>= 3.1.0, < 3.1.29	3.1.29
Microsoft.AspNetCore.App.Runtime.win-x86	nuget	>= 3.1.0, < 3.1.29	3.1.29
Microsoft.AspNetCore.App.Runtime.linux-arm	nuget	>= 5.0.0, < 6.0.9	6.0.9
Microsoft.AspNetCore.App.Runtime.linux-arm64	nuget	>= 5.0.0, < 6.0.9	6.0.9
Microsoft.AspNetCore.App.Runtime.linux-musl-arm	nuget	>= 5.0.0, < 6.0.9	6.0.9
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64	nuget	>= 5.0.0, < 6.0.9	6.0.9
Microsoft.AspNetCore.App.Runtime.linux-musl-x64	nuget	>= 5.0.0, < 6.0.9	6.0.9
Microsoft.AspNetCore.App.Runtime.linux-x64	nuget	>= 5.0.0, < 6.0.9	6.0.9
Microsoft.AspNetCore.App.Runtime.osx-arm64	nuget	>= 5.0.0, < 6.0.9	6.0.9
Microsoft.AspNetCore.App.Runtime.osx-x64	nuget	>= 5.0.0, < 6.0.9	6.0.9
Microsoft.AspNetCore.App.Runtime.win-arm	nuget	>= 5.0.0, < 6.0.9	6.0.9
Microsoft.AspNetCore.App.Runtime.win-arm64	nuget	>= 5.0.0, < 6.0.9	6.0.9
Microsoft.AspNetCore.App.Runtime.win-x64	nuget	>= 5.0.0, < 6.0.9	6.0.9
Microsoft.AspNetCore.App.Runtime.win-x86	nuget	>= 5.0.0, < 6.0.9	6.0.9

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from uncontrolled recursion during model binding. The ComplexTypeModelBinder's BindModelAsync method is responsible for recursively binding properties of complex models. In unpatched versions, it lacked proper recursion depth checks, allowing malicious payloads with excessive nesting to trigger stack overflows. This aligns with the advisory's description of 'customized payload parsed during model binding' causing DoS. The fix likely involved adding recursion depth tracking/limiting in this binder.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-38013: .NET Denial of Service Vulnerability

<a name="affected-software"></a>Affected software

<a name="ASP.NET Core 3.1"></a>.NET Core 3.1

<a name=".NET 6"></a>.NET 6

Other

CVE-2022-38013:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

CVE-2022-38013: .NET Denial of Service Vulnerability

<a name="affected-software"></a>Affected software

<a name="ASP.NET Core 3.1"></a>.NET Core 3.1

<a name=".NET 6"></a>.NET 6

Other

7.5

7.5

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI