Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wOXd4LXYyNjQtcTM0cM4AAWUJ
Improper Certificate Validation in Microsoft .NET Framework components
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
Permalink: https://github.com/advisories/GHSA-p9wx-v264-q34p
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wOXd4LXYyNjQtcTM0cM4AAWUJ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago
CVSS Score: 5.5
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Identifiers: GHSA-p9wx-v264-q34p, CVE-2018-8356
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-8356
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356
- https://github.com/dotnet/announcements/issues/73
- https://github.com/github/advisory-database/issues/302
- https://github.com/advisories/GHSA-p9wx-v264-q34p
Blast Radius: 1.0
Affected Packages
nuget:System.ServiceModel.Security
Dependent packages: 293
Dependent repositories: 0
Downloads: 187,239,800 total
Affected Version Ranges: >= 4.0.0, <= 4.0.2; >= 4.5.0, < 4.5.3; >= 4.4.0, < 4.4.4; >= 4.3.0, < 4.3.3
Fixed in: 4.0.4, 4.5.3, 4.4.4, 4.3.3
All affected versions: 4.0.0, 4.0.1, 4.0.2, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2
All unaffected versions: 3.9.0, 4.0.3, 4.0.4, 4.3.3, 4.4.4, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0
nuget:System.ServiceModel.Duplex
Dependent packages: 267
Dependent repositories: 0
Downloads: 166,668,967 total
Affected Version Ranges: >= 4.0.0, <= 4.0.2; >= 4.5.0, < 4.5.3; >= 4.4.0, < 4.4.4; >= 4.3.0, < 4.3.3
Fixed in: 4.0.4, 4.5.3, 4.4.4, 4.3.3
All affected versions: 4.0.0, 4.0.1, 4.0.2, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2
All unaffected versions: 4.0.3, 4.0.4, 4.3.3, 4.4.4, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0
nuget:System.ServiceModel.Primitives
Dependent packages: 695
Dependent repositories: 0
Downloads: 392,528,249 total
Affected Version Ranges: >= 4.0.0, < 4.1.3; >= 4.5.0, < 4.5.3; >= 4.4.0, < 4.4.4; >= 4.3.0, < 4.3.3
Fixed in: 4.1.3, 4.5.3, 4.4.4, 4.3.3
All affected versions: 4.0.0, 4.1.0, 4.1.1, 4.1.2, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2
All unaffected versions: 3.9.0, 4.1.3, 4.3.3, 4.4.4, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0, 6.1.0, 6.2.0, 8.0.0
nuget:System.ServiceModel.NetTcp
Dependent packages: 295
Dependent repositories: 0
Downloads: 175,745,555 total
Affected Version Ranges: >= 4.0.0, < 4.1.3; >= 4.5.0, < 4.5.3; >= 4.4.0, < 4.4.4; >= 4.3.0, < 4.3.3
Fixed in: 4.1.3, 4.5.3, 4.4.4, 4.3.3
All affected versions: 4.0.0, 4.1.0, 4.1.1, 4.1.2, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2
All unaffected versions: 4.1.3, 4.3.3, 4.4.4, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0, 6.1.0, 6.2.0, 8.0.0
nuget:System.ServiceModel.Http
Dependent packages: 448
Dependent repositories: 0
Downloads: 244,471,265 total
Affected Version Ranges: >= 4.0.0, < 4.1.3; >= 4.5.0, < 4.5.3; >= 4.4.0, < 4.4.4; >= 4.3.0, < 4.3.3
Fixed in: 4.1.3, 4.5.3, 4.4.4, 4.3.3
All affected versions: 4.0.0, 4.0.10, 4.1.0, 4.1.1, 4.1.2, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2
All unaffected versions: 3.9.0, 4.1.3, 4.3.3, 4.4.4, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0, 6.1.0, 6.2.0, 8.0.0, 8.1.0
nuget:System.Private.ServiceModel
Dependent packages: 50
Dependent repositories: 0
Downloads: 352,728,514 total
Affected Version Ranges: >= 4.5.0, < 4.5.3; >= 4.4.0, < 4.4.4; >= 4.3.0, < 4.3.3; >= 4.0.0, < 4.1.3
Fixed in: 4.5.3, 4.4.4, 4.3.3, 4.1.3
All affected versions: 4.0.0, 4.1.0, 4.1.1, 4.1.2, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2
All unaffected versions: 4.1.3, 4.3.3, 4.4.4, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3