Security Update: PowerShell Universal and .NET SDK CVE 2023 21538

January 11, 2023

Discuss this Article

Overview

PowerShell Universal 3.x is affected by CVE-2023-21538 in the .NET SDK. Please update to PowerShell Universal 3.7.2 or later.

Download Now

About CVE-2023-21538

CVE-2023-21538 is a Denial of Service Vulnerability that is present in .NET SDK 6.0.404 or earlier. PowerShell Unviersal 3.x is built on .NET 6. Due to this dependency, PowerShell Universal is also affected by this CVE.

You can learn more about the CVE from Microsoft and their blog post

Affected Versions

All versions of PowerShell Universal 3.x prior to 3.7.2

PowerShell Universal 2.x was built by .NET SDK 5.0 and is not part of this CVE.

Remediation

Upgrade to PowerShell Universal 3.7.2 or later.

Timeline

January 10th, 2023 - Microsoft releases a security patch for CVE-2023-21538 in the form of .NET SDK 6.0.405.
January 11th, 2023 - Ironman Software releases PowerShell Universal 3.7.2 built with the patched SDK.

Questions

Please contact Ironman Software support.

Ironman Software Forums

Continue the conversion on the Ironman Software forums. Chat with over 1000 users about PowerShell, PowerShell Universal, and PowerShell Pro Tools.

Join Now

Ironman Software Newsletter

Receive once-a-month updates about Ironman Software. You'll learn about our product updates and blogs related to PowerShell.