James Newton-King discovered that .NET did not properly limit resource allocation when handling certain HTTP/3 requests. An attacker could possibly use this issue to cause a denial of service.
{
"binaries": [
{
"binary_name": "aspnetcore-runtime-8.0",
"binary_version": "8.0.15-0ubuntu1~22.04.1"
},
{
"binary_name": "aspnetcore-runtime-dbg-8.0",
"binary_version": "8.0.15-0ubuntu1~22.04.1"
},
{
"binary_name": "aspnetcore-targeting-pack-8.0",
"binary_version": "8.0.15-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-apphost-pack-8.0",
"binary_version": "8.0.15-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-host-8.0",
"binary_version": "8.0.15-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-hostfxr-8.0",
"binary_version": "8.0.15-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-runtime-8.0",
"binary_version": "8.0.15-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-runtime-dbg-8.0",
"binary_version": "8.0.15-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-sdk-8.0",
"binary_version": "8.0.115-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-sdk-8.0-source-built-artifacts",
"binary_version": "8.0.115-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-sdk-dbg-8.0",
"binary_version": "8.0.115-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-targeting-pack-8.0",
"binary_version": "8.0.15-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-templates-8.0",
"binary_version": "8.0.115-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet8",
"binary_version": "8.0.115-8.0.15-0ubuntu1~22.04.1"
},
{
"binary_name": "netstandard-targeting-pack-2.1-8.0",
"binary_version": "8.0.115-0ubuntu1~22.04.1"
}
],
"availability": "No subscription required"
}
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7427-1.json"
{
"ecosystem": "Ubuntu:22.04:LTS",
"cves": [
{
"id": "CVE-2025-26682",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
{
"binaries": [
{
"binary_name": "aspnetcore-runtime-8.0",
"binary_version": "8.0.15-0ubuntu1~24.04.1"
},
{
"binary_name": "aspnetcore-runtime-dbg-8.0",
"binary_version": "8.0.15-0ubuntu1~24.04.1"
},
{
"binary_name": "aspnetcore-targeting-pack-8.0",
"binary_version": "8.0.15-0ubuntu1~24.04.1"
},
{
"binary_name": "dotnet-apphost-pack-8.0",
"binary_version": "8.0.15-0ubuntu1~24.04.1"
},
{
"binary_name": "dotnet-host-8.0",
"binary_version": "8.0.15-0ubuntu1~24.04.1"
},
{
"binary_name": "dotnet-hostfxr-8.0",
"binary_version": "8.0.15-0ubuntu1~24.04.1"
},
{
"binary_name": "dotnet-runtime-8.0",
"binary_version": "8.0.15-0ubuntu1~24.04.1"
},
{
"binary_name": "dotnet-runtime-dbg-8.0",
"binary_version": "8.0.15-0ubuntu1~24.04.1"
},
{
"binary_name": "dotnet-sdk-8.0",
"binary_version": "8.0.115-0ubuntu1~24.04.1"
},
{
"binary_name": "dotnet-sdk-8.0-source-built-artifacts",
"binary_version": "8.0.115-0ubuntu1~24.04.1"
},
{
"binary_name": "dotnet-sdk-dbg-8.0",
"binary_version": "8.0.115-0ubuntu1~24.04.1"
},
{
"binary_name": "dotnet-targeting-pack-8.0",
"binary_version": "8.0.15-0ubuntu1~24.04.1"
},
{
"binary_name": "dotnet-templates-8.0",
"binary_version": "8.0.115-0ubuntu1~24.04.1"
},
{
"binary_name": "dotnet8",
"binary_version": "8.0.115-8.0.15-0ubuntu1~24.04.1"
},
{
"binary_name": "netstandard-targeting-pack-2.1-8.0",
"binary_version": "8.0.115-0ubuntu1~24.04.1"
}
],
"availability": "No subscription required"
}
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7427-1.json"
{
"ecosystem": "Ubuntu:24.04:LTS",
"cves": [
{
"id": "CVE-2025-26682",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}