CVE-2024-21319: 
C# vulnerability analysis and mitigation

Microsoft Identity has reported a denial of service vulnerability identified as CVE-2024-21319. The vulnerability was discovered and initially reported on December 8, 2023, affecting multiple versions of Microsoft .NET and Identity Model components (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.8 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H. This indicates that the vulnerability is network-accessible, requires low attack complexity but high privileges, needs no user interaction, has changed scope, and can result in high availability impact while having no effect on confidentiality or integrity (NVD).

The vulnerability affects multiple versions of Microsoft software including .NET versions 6.0.0 through 6.0.26, 7.0.0 through 7.0.15, 8.0.0 through 8.0.1, and Identity Model versions 5.0.0 through 5.7.0. When successfully exploited, it can result in a denial of service condition (NVD).

Microsoft has released security updates to address this vulnerability. Fixed versions are available for various platforms including Ubuntu 23.10 (version 6.0.126-0ubuntu1~23.10.1), Ubuntu 23.04, and Ubuntu 22.04 LTS for dotnet6 and dotnet7 components (Ubuntu Security).