CVE-2024-43484

HIGH

Published Oct 8, 2024 Modified Mar 28, 2025 CWE-407 CWE-789

Description

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

CVSS v3.1 Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness Type (CWE)

CWE-407 CWE-407

CWE-789 CWE-789

Affected Products

Vendor	Product	Versions
microsoft	.net_framework	All
microsoft	.net_framework	All
microsoft	windows_10_21h2	All
microsoft	windows_10_22h2	All
microsoft	windows_11_22h2	All
microsoft	windows_11_23h2	All
microsoft	windows_11_24h2	All
microsoft	windows_server_2022	All
microsoft	windows_server_2022_23h2	All
microsoft	.net_framework	All
microsoft	.net_framework	All
microsoft	windows_10_1809	All
microsoft	windows_10_21h2	All
microsoft	windows_10_22h2	All
microsoft	windows_11_21h2	All
microsoft	windows_server_2019	All
microsoft	windows_server_2022	All
microsoft	.net_framework	All
microsoft	windows_server_2008	All
microsoft	windows_server_2008	All
microsoft	windows_server_2012	All
microsoft	windows_server_2012	All
microsoft	.net_framework	All
microsoft	windows_10_1607	All
microsoft	windows_10_1607	All
microsoft	windows_server_2008	All
microsoft	windows_server_2012	All
microsoft	windows_server_2012	All
microsoft	windows_server_2016	All
microsoft	.net_framework	All
microsoft	.net_framework	All
microsoft	windows_10_1607	All
microsoft	windows_10_1607	All
microsoft	windows_10_1809	All
microsoft	windows_server_2016	All
microsoft	windows_server_2019	All
microsoft	.net_framework	All
microsoft	windows_server_2008	All
microsoft	.net_framework	All
microsoft	windows_server_2008	All
microsoft	windows_server_2008	All
microsoft	.net_framework	All
microsoft	.net_framework	All
microsoft	.net_framework	All
microsoft	.net_framework	All
microsoft	windows_server_2008	All
microsoft	windows_server_2012	All
microsoft	windows_server_2012	All
microsoft	.net_framework	All
microsoft	.net_framework	All
microsoft	windows_10_1507	All
microsoft	.net_framework	All
microsoft	windows_server_2008	All
microsoft	windows_server_2008	All
microsoft	.net_framework	All
microsoft	windows_server_2008	All
microsoft	windows_server_2008	All
microsoft	.net	6.0.0 — 6.0.35
microsoft	.net	8.0.0 — 8.0.10
apple	macos	All
linux	linux_kernel	All
microsoft	windows	All
microsoft	visual_studio_2022	17.6 — 17.6.20
microsoft	visual_studio_2022	17.8 — 17.8.15
microsoft	visual_studio_2022	17.10 — 17.10.8
microsoft	visual_studio_2022	17.11 — 17.11.5

References

Advisories & Patches

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43484

Other References

https://security.netapp.com/advisory/ntap-20250328-0007/

Frequently Asked Questions

What is CVE-2024-43484? +

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability It has a CVSS v3.1 base score of 7.5 (HIGH).

How severe is CVE-2024-43484? +

CVE-2024-43484 has a CVSS v3.1 score of 7.5 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2024-43484? +

CVE-2024-43484 affects products from apple, linux, microsoft, specifically: .net, .net_framework, linux_kernel, macos, visual_studio_2022, windows, windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_21h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-43484? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has …

CVE-2026-40476

graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs O(n²) pairwise comparisons …

CVE-2026-43967

Inefficient Algorithmic Complexity vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via quadratic fragment-name uniqueness validation. 'Elixir.Absinthe.Phase.Document.Validation.UniqueFragmentNames':run/2 iterates over …

CVE-2024-9631 7.5

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior …

CVE-2024-21909 7.5

PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An attacker may trigger the denial of …

CVE-2024-23684 7.5

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 …

Quick Facts

CVSS Score: 7.5
Severity: HIGH
Published: Oct 8, 2024

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2024-43484.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →