{
  "threat_severity" : "Important",
  "public_date" : "2022-03-08T18:00:00Z",
  "bugzilla" : {
    "description" : "dotnet: double parser stack buffer overrun",
    "id" : "2061854",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2061854"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-120",
  "details" : [ ".NET and Visual Studio Remote Code Execution Vulnerability", "A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise." ],
  "affected_release" : [ {
    "product_name" : ".NET Core on Red Hat Enterprise Linux",
    "release_date" : "2022-03-10T00:00:00Z",
    "advisory" : "RHSA-2022:0829",
    "cpe" : "cpe:/a:redhat:rhel_dotnet:3.1::el7",
    "package" : "rh-dotnet31-dotnet-0:3.1.417-1.el7_9"
  }, {
    "product_name" : ".NET Core on Red Hat Enterprise Linux",
    "release_date" : "2022-03-10T00:00:00Z",
    "advisory" : "RHSA-2022:0828",
    "cpe" : "cpe:/a:redhat:rhel_dotnet:5.0::el7",
    "package" : "rh-dotnet50-dotnet-0:5.0.212-1.el7_9"
  }, {
    "product_name" : ".NET Core on Red Hat Enterprise Linux",
    "release_date" : "2022-03-10T00:00:00Z",
    "advisory" : "RHSA-2022:0832",
    "cpe" : "cpe:/a:redhat:rhel_dotnet:6.0::el7",
    "package" : "rh-dotnet60-dotnet-0:6.0.103-3.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-03-10T00:00:00Z",
    "advisory" : "RHSA-2022:0826",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "dotnet6.0-0:6.0.103-4.el8_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-03-10T00:00:00Z",
    "advisory" : "RHSA-2022:0827",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "dotnet3.1-0:3.1.417-1.el8_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-03-10T00:00:00Z",
    "advisory" : "RHSA-2022:0830",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "dotnet5.0-0:5.0.212-1.el8_5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-24512\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-24512\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512" ],
  "name" : "CVE-2022-24512",
  "csaw" : false
}