CVE-2025-36853 | Microsoft .NetCore.App.Runtime.win-x86 up to 6.0.36 msdia140.dll malloc integer overflow

September 8, 2025 Yanac

A vulnerability was found in Microsoft .NET 6.0, .NetCore.App.Runtime.linux-arm, .NetCore.App.Runtime.linux-arm64, .NetCore.App.Runtime.linux-musl-arm, .NetCore.App.Runtime.linux-musl-arm64, .NetCore.App.Runtime.linux-musl-x64, .NetCore.App.Runtime.linux-x64, .NetCore.App.Runtime.osx-arm64, .NetCore.App.Runtime.osx-x64, .NetCore.App.Runtime.win-arm, .NetCore.App.Runtime.win-arm64, .NetCore.App.Runtime.win-x64 and .NetCore.App.Runtime.win-x86 up to 6.0.36. It has been declared as problematic. Affected by this vulnerability is the function malloc in the library msdia140.dll. The manipulation results in integer overflow. This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is known as CVE-2025-36853. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More