{"id":"USN-7105-1","summary":"dotnet9 vulnerabilities","details":"It was discovered that the NrbfDecoder component in .NET did not properly\nhandle an instance of a type confusion vulnerability. An authenticated\nattacker could possibly use this issue to gain the privileges of another\nuser and execute arbitrary code. (CVE-2024-43498)\n\nIt was discovered that the NrbfDecoder component in .NET did not properly\nperform input validation. An unauthenticated remote attacker could possibly\nuse this issue to cause a denial of service. (CVE-2024-43499)\n","modified":"2026-01-30T02:43:48.038333Z","published":"2024-11-12T22:03:29.203455Z","related":["CVE-2024-43498","CVE-2024-43499","UBUNTU-CVE-2024-43498","UBUNTU-CVE-2024-43499"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7105-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-43498"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-43499"}],"affected":[{"package":{"name":"dotnet9","ecosystem":"Ubuntu:24.10","purl":"pkg:deb/ubuntu/dotnet9@9.0.100-9.0.0-0ubuntu1~24.10.1?arch=source&distro=oracular"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.100-9.0.0-0ubuntu1~24.10.1"}]}],"versions":["9.0.100-9.0.0~rc1-0ubuntu1","9.0.100-9.0.0~rc1-0ubuntu2","9.0.100-9.0.0~rc2-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"9.0.0-rtm-0ubuntu1~24.10.1","binary_name":"aspnetcore-runtime-9.0"},{"binary_version":"9.0.0-rtm-0ubuntu1~24.10.1","binary_name":"aspnetcore-runtime-dbg-9.0"},{"binary_version":"9.0.0-rtm-0ubuntu1~24.10.1","binary_name":"aspnetcore-targeting-pack-9.0"},{"binary_version":"9.0.0-rtm-0ubuntu1~24.10.1","binary_name":"dotnet-apphost-pack-9.0"},{"binary_version":"9.0.0-rtm-0ubuntu1~24.10.1","binary_name":"dotnet-apphost-pack-9.0-dbgsym"},{"binary_version":"9.0.0-rtm-0ubuntu1~24.10.1","binary_name":"dotnet-host-9.0"},{"binary_version":"9.0.0-rtm-0ubuntu1~24.10.1","binary_name":"dotnet-host-9.0-dbgsym"},{"binary_version":"9.0.0-rtm-0ubuntu1~24.10.1","binary_name":"dotnet-hostfxr-9.0"},{"binary_version":"9.0.0-rtm-0ubuntu1~24.10.1","binary_name":"dotnet-hostfxr-9.0-dbgsym"},{"binary_version":"9.0.0-rtm-0ubuntu1~24.10.1","binary_name":"dotnet-runtime-9.0"},{"binary_version":"9.0.0-rtm-0ubuntu1~24.10.1","binary_name":"dotnet-runtime-9.0-dbgsym"},{"binary_version":"9.0.0-rtm-0ubuntu1~24.10.1","binary_name":"dotnet-runtime-dbg-9.0"},{"binary_version":"9.0.100-rtm-0ubuntu1~24.10.1","binary_name":"dotnet-sdk-9.0"},{"binary_version":"9.0.100-rtm-0ubuntu1~24.10.1","binary_name":"dotnet-sdk-9.0-dbgsym"},{"binary_version":"9.0.100-rtm-0ubuntu1~24.10.1","binary_name":"dotnet-sdk-9.0-source-built-artifacts"},{"binary_version":"9.0.100-rtm-0ubuntu1~24.10.1","binary_name":"dotnet-sdk-aot-9.0"},{"binary_version":"9.0.100-rtm-0ubuntu1~24.10.1","binary_name":"dotnet-sdk-aot-9.0-dbgsym"},{"binary_version":"9.0.100-rtm-0ubuntu1~24.10.1","binary_name":"dotnet-sdk-dbg-9.0"},{"binary_version":"9.0.0-rtm-0ubuntu1~24.10.1","binary_name":"dotnet-targeting-pack-9.0"},{"binary_version":"9.0.100-rtm-0ubuntu1~24.10.1","binary_name":"dotnet-templates-9.0"},{"binary_version":"9.0.100-9.0.0-0ubuntu1~24.10.1","binary_name":"dotnet9"},{"binary_version":"9.0.100-rtm-0ubuntu1~24.10.1","binary_name":"netstandard-targeting-pack-2.1-9.0"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7105-1.json"}}],"schema_version":"1.7.3"}