Ubuntu 26.04 LTS Dotnet Critical Denial Service Issue USN-8298-1
ubuntu
May 25, 2026
.NET could be made to consume excessive resources if it received specially crafted network traffic.
Summary
.NET could be made to consume excessive resources if it received specially
crafted network traffic.
Software Description:
- dotnet10: .NET CLI tools and runtime
- dotnet8: .NET CLI tools and runtime
- dotnet9: .NET CLI tools and runtime
Details:
Muhammad Abdul Rehman discovered that .NET incorrectly handled certain
network requests, leading to a loop with an unreachable exit condition. A
remote attacker could possibly use this issue to consume excessive
resources, resulting in a denial of service.
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS aspnetcore-runtime-10.0 10.0.8-0ubuntu1~26.04.1 dotnet-host-10.0 10.0.8-0ubuntu1~26.04.1 dotnet-hostfxr-10.0 10.0.8-0ubuntu1~26.04.1 dotnet-runtime-10.0 10.0.8-0ubuntu1~26.04.1 dotnet-sdk-10.0 10.0.108-0ubuntu1~26.04.1 dotnet-sdk-aot-10.0 10.0.108-0ubuntu1~26.04.1 dotnet-sdk-dbg-10.0 10.0.108-0ubuntu1~26.04.1 dotnet10 10.0.108-10.0.8-0ubuntu1~26.04.1 Ubuntu 25.10 aspnetcore-runtime-10.0 10.0.8-0ubuntu1~25.10.1 aspnetcore-runtime-8.0 8.0.27-0ubuntu1~25.10.1 aspnetcore-runtime-9.0 9.0.16-0ubuntu1~25.10.1 dotnet-host-10.0 10.0.8-0ubuntu1~25.10.1 dotnet-host-8.0 8.0.27-0ubuntu1~25.10.1 dotnet-host-9.0 9.0.16-0ubuntu1~25.10.1 dotnet-hostfxr-10.0 10.0.8-0ubuntu1~25.10.1 dotnet-hostfxr-8.0 8.0.27-0ubuntu1~25.10.1 dotnet-hostfxr-9.0 9.0.16-0ubuntu1~25.10.1 dotnet-runtime-10.0 10.0.8-0ubuntu1~25.10.1 dotnet-runtime-8.0 8.0.27-0ubuntu1~25.10.1 dotnet-runtime-9.0 9.0.16-0ubuntu1~25.10.1 dotnet-sdk-10.0 10.0.108-0ubuntu1~25.10.1 dotnet-sdk-8.0 8.0.127-0ubuntu1~25.10.1 dotnet-sdk-9.0 9.0.117-0ubuntu1~25.10.1 dotnet-sdk-aot-10.0 10.0.108-0ubuntu1~25.10.1 dotnet-sdk-aot-9.0 9.0.117-0ubuntu1~25.10.1 dotnet-sdk-dbg-10.0 10.0.108-0ubuntu1~25.10.1 dotnet-sdk-dbg-8.0 8.0.127-0ubuntu1~25.10.1 dotnet-sdk-dbg-9.0 9.0.117-0ubuntu1~25.10.1 dotnet10 10.0.108-10.0.8-0ubuntu1~25.10.1 dotnet8 8.0.127-8.0.27-0ubuntu1~25.10.1 dotnet9 9.0.117-9.0.16-0ubuntu1~25.10.1 Ubuntu 24.04 LTS aspnetcore-runtime-10.0 10.0.8-0ubuntu1~24.04.1 aspnetcore-runtime-8.0 8.0.27-0ubuntu1~24.04.1 dotnet-host-10.0 10.0.8-0ubuntu1~24.04.1 dotnet-host-8.0 8.0.27-0ubuntu1~24.04.1 dotnet-hostfxr-10.0 10.0.8-0ubuntu1~24.04.1 dotnet-hostfxr-8.0 8.0.27-0ubuntu1~24.04.1 dotnet-runtime-10.0 10.0.8-0ubuntu1~24.04.1 dotnet-runtime-8.0 8.0.27-0ubuntu1~24.04.1 dotnet-sdk-10.0 10.0.108-0ubuntu1~24.04.1 dotnet-sdk-8.0 8.0.127-0ubuntu1~24.04.1 dotnet-sdk-aot-10.0 10.0.108-0ubuntu1~24.04.1 dotnet-sdk-dbg-10.0 10.0.108-0ubuntu1~24.04.1 dotnet10 10.0.108-10.0.8-0ubuntu1~24.04.1 dotnet8 8.0.127-8.0.27-0ubuntu1~24.04.1 Ubuntu 22.04 LTS aspnetcore-runtime-8.0 8.0.27-0ubuntu1~22.04.1 dotnet-host-8.0 8.0.27-0ubuntu1~22.04.1 dotnet-hostfxr-8.0 8.0.27-0ubuntu1~22.04.1 dotnet-runtime-8.0 8.0.27-0ubuntu1~22.04.1 dotnet-sdk-8.0 8.0.127-0ubuntu1~22.04.1 dotnet8 8.0.127-8.0.27-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-8298-1
CVE-2026-42899
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-8298-1
Topics Covered
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!