.NET March 2022 Updates – .NET 6.0.3, .NET 5.0.15 and, .NET 3.1.23

Today, we are releasing the .NET March 2022 Updates. These updates contain reliability and security improvements. See the individual release notes for details on updated packages.

You can download 6.0.3, 5.0.15 and, 3.1.23 versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64.

Improvements

• ASP.NET Core: 6.0.3
• EF Core: 6.0.3
• Runtime: 6.0.3
• Winforms: 6.0.3
• WPF: 6.0.3
• WPF: 5.0.15

Security

CVE-2020-8927: .NET Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in .NET 5.0 and .NET Core 3.1 where a buffer overflow exists in the Brotli library versions prior to 1.0.8.

CVE-2022-24464: .NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET CORE 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

Microsoft is aware of a Denial of Service vulnerability, which exists in .NET 6.0, .NET 5.0, and .NET CORE 3.1 when parsing certain types of http form requests.

CVE-2022-24512: .NET Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A Remote Code Execution vulnerability exists in .NET 6.0, .NET 5.0, and .NET Core 3.1 where a stack buffer overrun occurs in .NET Double Parse routine.

Visual Studio

See release notes for Visual Studio compatibility for .NET 6.0, .NET 5.0 and, .NET Core 3.1.