Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM1aGMteDJjdy0yajR2

Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.

Permalink: https://github.com/advisories/GHSA-35hc-x2cw-2j4v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM1aGMteDJjdy0yajR2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 6 years ago
Updated: almost 2 years ago


CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Percentage: 0.00352
EPSS Percentile: 0.72523

Identifiers: GHSA-35hc-x2cw-2j4v, CVE-2018-0765
References: Blast Radius: 1.0

Affected Packages

nuget:System.Security.Cryptography.Xml
Dependent packages: 317
Dependent repositories: 0
Downloads: 813,023,905 total
Affected Version Ranges: < 4.4.2
Fixed in: 4.4.2
All affected versions: 4.4.0, 4.4.1
All unaffected versions: 4.4.2, 4.5.0, 4.6.0, 4.7.0, 4.7.1, 5.0.0, 6.0.0, 6.0.1, 6.0.2, 7.0.0, 7.0.1, 8.0.0, 8.0.1, 8.0.2, 9.0.0