Red Hat Security Advisory: .NET 8.0 security update
NET 8. 0 on Red Hat Enterprise Linux 9 has multiple security vulnerabilities including a race condition in the Kestrel HTTP/3 stream handling that can lead to remote code execution, and several denial of service issues related to hash flooding and use of SortedList in System. IO. Packaging and System. Text. Json. Updated versions . NET SDK 8. 0. 110 and .
AI Analysis
Technical Summary
This advisory covers multiple security vulnerabilities in .NET 8.0 on Red Hat Enterprise Linux 9. The key issues include a race condition in Kestrel when closing an HTTP/3 stream that may lead to remote code execution (CVE-2024-38229), multiple .NET components vulnerable to hash flooding attacks (CVE-2024-43483), and denial of service vulnerabilities in System.IO.Packaging due to SortedList misuse (CVE-2024-43484) and in System.Text.Json (CVE-2024-43485). Red Hat has released updated .NET SDK 8.0.110 and .NET Runtime 8.0.10 packages to fix these vulnerabilities. The advisory applies to various architectures and extended update support versions of Red Hat Enterprise Linux 9 and related products.
Potential Impact
Successful exploitation of CVE-2024-38229 could allow remote code execution via a race condition in Kestrel HTTP/3 stream handling. The other vulnerabilities (CVE-2024-43483, CVE-2024-43484, CVE-2024-43485) can lead to denial of service conditions through hash flooding and improper handling in System.IO.Packaging and System.Text.Json components. These issues could disrupt service availability or allow an attacker to execute arbitrary code remotely.
Mitigation Recommendations
Red Hat has released updated .NET SDK 8.0.110 and .NET Runtime 8.0.10 packages that address these vulnerabilities. Users should apply these official updates as soon as possible. For detailed update instructions, refer to the Red Hat advisory at https://access.redhat.com/articles/11258. No alternative mitigations are indicated; applying the official patch is the recommended remediation.
Red Hat Security Advisory: .NET 8.0 security update
Description
NET 8. 0 on Red Hat Enterprise Linux 9 has multiple security vulnerabilities including a race condition in the Kestrel HTTP/3 stream handling that can lead to remote code execution, and several denial of service issues related to hash flooding and use of SortedList in System. IO. Packaging and System. Text. Json. Updated versions . NET SDK 8. 0. 110 and .
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers multiple security vulnerabilities in .NET 8.0 on Red Hat Enterprise Linux 9. The key issues include a race condition in Kestrel when closing an HTTP/3 stream that may lead to remote code execution (CVE-2024-38229), multiple .NET components vulnerable to hash flooding attacks (CVE-2024-43483), and denial of service vulnerabilities in System.IO.Packaging due to SortedList misuse (CVE-2024-43484) and in System.Text.Json (CVE-2024-43485). Red Hat has released updated .NET SDK 8.0.110 and .NET Runtime 8.0.10 packages to fix these vulnerabilities. The advisory applies to various architectures and extended update support versions of Red Hat Enterprise Linux 9 and related products.
Potential Impact
Successful exploitation of CVE-2024-38229 could allow remote code execution via a race condition in Kestrel HTTP/3 stream handling. The other vulnerabilities (CVE-2024-43483, CVE-2024-43484, CVE-2024-43485) can lead to denial of service conditions through hash flooding and improper handling in System.IO.Packaging and System.Text.Json components. These issues could disrupt service availability or allow an attacker to execute arbitrary code remotely.
Mitigation Recommendations
Red Hat has released updated .NET SDK 8.0.110 and .NET Runtime 8.0.10 packages that address these vulnerabilities. Users should apply these official updates as soon as possible. For detailed update instructions, refer to the Red Hat advisory at https://access.redhat.com/articles/11258. No alternative mitigations are indicated; applying the official patch is the recommended remediation.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:7869
- Cve Count
- 4
- Additional Cves
- ["CVE-2024-43483","CVE-2024-43484","CVE-2024-43485"]
- Cvss Version
- null
Threat ID: 6a294f768dd33fbd853d3d2d
Added to database: 6/10/2026, 11:50:14 AM
Last enriched: 6/10/2026, 12:09:19 PM
Last updated: 6/10/2026, 12:50:52 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.