Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vulnerability Issue CVE-2024-0057 : [email protected] #199

Open
asb1208 opened this issue Jan 23, 2024 · 0 comments
Open

Vulnerability Issue CVE-2024-0057 : [email protected] #199

asb1208 opened this issue Jan 23, 2024 · 0 comments

Comments

@asb1208
Copy link

asb1208 commented Jan 23, 2024

We have latest stable version i.e 4.3.2 for System.Security.Cryptography.X509Certificates as recommended but still shows the issue of vulnerability with CVE-2024-0057.

We are using dot net 4.6.1 as target framework for our solutions, please let us know by when this issue will be resolved in next version of System.Security.Cryptography.X509Certificates

Issue Details: [CVE-2024-0057]-(https://www.cve.org/CVERecord?id=CVE-2024-0057)

X509Certificates Code Link: https://referencesource.microsoft.com/#System.Security/system/security/cryptography/x509/x509ui.cs,a0e6c16c340ea6f4,references

Explanation: The Microsoft.NETCore.App.Runtime packages are vulnerable due to Improper Certificate Validation.
The Build() method of the X509Chain class mishandles errors thrown during certificate chaining.
Consequently, this may yield incorrect failure codes back to users of the certificate chaining APIs.
A remote attacker can exploit this vulnerability with a crafted certificate that may bypass the security controls of applications that depend on the aforementioned failure codes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant