CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
CVE-2024-21319 | Microsoft Identity Denial of Service Vulnerability | Microsoft Visual Studio | Important | 30-05-2024 |
Technical Information
A denial of service in Microsoft Visual Studio where an authenticated attacker can exploit this vulnerability by crafting a malicious JSON Web Encryption token with high compression ration. When this token is processed by a server, leads to excessive memory allocation and process time during decompression, causing a denial-of-service condition.
Patch Release Date: Jan 09, 2024
Further information on this vulnerability is available at: CVE-2024-21319
Affected Software
Microsoft Visual Studio 2022 version 17.8,Microsoft Visual Studio 2022 version 17.6,
Microsoft Visual Studio 2022 version 17.4,
Microsoft Visual Studio 2022 version 17.2