Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wOXd4LXYyNjQtcTM0cM4AAWUJ
Improper Certificate Validation in Microsoft .NET Framework components
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
Permalink: https://github.com/advisories/GHSA-p9wx-v264-q34p
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wOXd4LXYyNjQtcTM0cM4AAWUJ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
CVSS Score: 5.5
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Identifiers: GHSA-p9wx-v264-q34p, CVE-2018-8356
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-8356
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356
- https://github.com/dotnet/announcements/issues/73
- https://github.com/github/advisory-database/issues/302
- https://github.com/advisories/GHSA-p9wx-v264-q34p
Blast Radius: 1.0
Affected Packages
nuget:System.ServiceModel.Security
Dependent packages: 0
Dependent repositories: 0
Downloads: 158,192,555 total
Affected Version Ranges: >= 4.0.0, <= 4.0.2, >= 4.5.0, < 4.5.3, >= 4.4.0, < 4.4.4, >= 4.3.0, < 4.3.3
Fixed in: 4.0.4, 4.5.3, 4.4.4, 4.3.3
All affected versions: 4.0.0, 4.0.1, 4.0.2, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2
All unaffected versions: 3.9.0, 4.0.3, 4.0.4, 4.3.3, 4.4.4, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0
nuget:System.ServiceModel.Duplex
Dependent packages: 0
Dependent repositories: 0
Downloads: 139,000,813 total
Affected Version Ranges: >= 4.0.0, <= 4.0.2, >= 4.5.0, < 4.5.3, >= 4.4.0, < 4.4.4, >= 4.3.0, < 4.3.3
Fixed in: 4.0.4, 4.5.3, 4.4.4, 4.3.3
All affected versions: 4.0.0, 4.0.1, 4.0.2, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2
All unaffected versions: 4.0.3, 4.0.4, 4.3.3, 4.4.4, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0
nuget:System.ServiceModel.Primitives
Dependent packages: 0
Dependent repositories: 0
Downloads: 326,880,630 total
Affected Version Ranges: >= 4.0.0, < 4.1.3, >= 4.5.0, < 4.5.3, >= 4.4.0, < 4.4.4, >= 4.3.0, < 4.3.3
Fixed in: 4.1.3, 4.5.3, 4.4.4, 4.3.3
All affected versions: 4.0.0, 4.1.0, 4.1.1, 4.1.2, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2
All unaffected versions: 3.9.0, 4.1.3, 4.3.3, 4.4.4, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0, 6.1.0, 6.2.0, 8.0.0
nuget:System.ServiceModel.NetTcp
Dependent packages: 0
Dependent repositories: 0
Downloads: 148,583,361 total
Affected Version Ranges: >= 4.0.0, < 4.1.3, >= 4.5.0, < 4.5.3, >= 4.4.0, < 4.4.4, >= 4.3.0, < 4.3.3
Fixed in: 4.1.3, 4.5.3, 4.4.4, 4.3.3
All affected versions: 4.0.0, 4.1.0, 4.1.1, 4.1.2, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2
All unaffected versions: 4.1.3, 4.3.3, 4.4.4, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0, 6.1.0, 6.2.0, 8.0.0
nuget:System.ServiceModel.Http
Dependent packages: 0
Dependent repositories: 0
Downloads: 200,991,749 total
Affected Version Ranges: >= 4.0.0, < 4.1.3, >= 4.5.0, < 4.5.3, >= 4.4.0, < 4.4.4, >= 4.3.0, < 4.3.3
Fixed in: 4.1.3, 4.5.3, 4.4.4, 4.3.3
All affected versions: 4.0.0, 4.0.10, 4.1.0, 4.1.1, 4.1.2, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2
All unaffected versions: 3.9.0, 4.1.3, 4.3.3, 4.4.4, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0, 6.1.0, 6.2.0, 8.0.0
nuget:System.Private.ServiceModel
Dependent packages: 0
Dependent repositories: 0
Downloads: 306,803,475 total
Affected Version Ranges: >= 4.5.0, < 4.5.3, >= 4.4.0, < 4.4.4, >= 4.3.0, < 4.3.3, >= 4.0.0, < 4.1.3
Fixed in: 4.5.3, 4.4.4, 4.3.3, 4.1.3
All affected versions: 4.0.0, 4.1.0, 4.1.1, 4.1.2, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2
All unaffected versions: 4.1.3, 4.3.3, 4.4.4, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3