{
  "threat_severity" : "Important",
  "public_date" : "2026-04-14T18:39:07Z",
  "bugzilla" : {
    "description" : "dotnet: .NET: Denial of Service via stack overflow",
    "id" : "2457740",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2457740"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-787",
  "details" : [ "Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.", "A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service (DoS). This could make the affected system unavailable to legitimate users." ],
  "statement" : "This is an Important denial of service vulnerability in .NET, affecting Red Hat Enterprise Linux and Fedora. The flaw, a stack overflow in EncryptedKey nested decryption, could allow an attacker to cause a denial of service.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-04-16T00:00:00Z",
    "advisory" : "RHSA-2026:8467",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "dotnet10.0-0:10.0.106-1.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-04-16T00:00:00Z",
    "advisory" : "RHSA-2026:8470",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "dotnet8.0-0:8.0.126-1.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-04-16T00:00:00Z",
    "advisory" : "RHSA-2026:8472",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "dotnet9.0-0:9.0.116-1.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-05-04T00:00:00Z",
    "advisory" : "RHSA-2026:13280",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "dotnet9.0-0:9.0.116-1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-05-04T00:00:00Z",
    "advisory" : "RHSA-2026:13281",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "dotnet8.0-0:8.0.126-1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-04-16T00:00:00Z",
    "advisory" : "RHSA-2026:8468",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "dotnet8.0-0:8.0.126-1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-04-16T00:00:00Z",
    "advisory" : "RHSA-2026:8473",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "dotnet10.0-0:10.0.106-1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-04-16T00:00:00Z",
    "advisory" : "RHSA-2026:8475",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "dotnet9.0-0:9.0.116-1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-04-16T00:00:00Z",
    "advisory" : "RHSA-2026:8469",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "dotnet8.0-0:8.0.126-1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-04-16T00:00:00Z",
    "advisory" : "RHSA-2026:8471",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "dotnet10.0-0:10.0.106-1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-04-16T00:00:00Z",
    "advisory" : "RHSA-2026:8474",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "dotnet9.0-0:9.0.116-1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-05-05T00:00:00Z",
    "advisory" : "RHSA-2026:13693",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "dotnet8.0-0:8.0.126-1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-05-04T00:00:00Z",
    "advisory" : "RHSA-2026:13282",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "dotnet9.0-0:9.0.116-1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-05-04T00:00:00Z",
    "advisory" : "RHSA-2026:13283",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "dotnet8.0-0:8.0.126-1.el9_6"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-04-20T00:00:00Z",
    "advisory" : "RHSA-2026:9077",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "dotnet10-0-main-10.0.106-1.hum1"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-04-20T00:00:00Z",
    "advisory" : "RHSA-2026:9080",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "dotnet8-0-main-8.0.126-1.hum1"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-04-21T00:00:00Z",
    "advisory" : "RHSA-2026:9205",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "dotnet9-0-main-9.0.116-1.hum1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-32203\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32203" ],
  "name" : "CVE-2026-32203",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}