Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM1aGMteDJjdy0yajR2
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.
Permalink: https://github.com/advisories/GHSA-35hc-x2cw-2j4vJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM1aGMteDJjdy0yajR2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: over 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-35hc-x2cw-2j4v, CVE-2018-0765
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-0765
- https://github.com/advisories/GHSA-35hc-x2cw-2j4v
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765
- http://www.securityfocus.com/bid/104060
- http://www.securitytracker.com/id/1040851
Affected Packages
nuget:System.Security.Cryptography.Xml
Dependent packages: 0Dependent repositories: 0
Downloads: 668,223,888 total
Affected Version Ranges: < 4.4.2
Fixed in: 4.4.2
All affected versions: 4.4.0, 4.4.1
All unaffected versions: 4.4.2, 4.5.0, 4.6.0, 4.7.0, 4.7.1, 5.0.0, 6.0.0, 6.0.1, 7.0.0, 7.0.1, 8.0.0