Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM1aGMteDJjdy0yajR2
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.
Permalink: https://github.com/advisories/GHSA-35hc-x2cw-2j4vJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM1aGMteDJjdy0yajR2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 6 years ago
Updated: almost 2 years ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Percentage: 0.00352
EPSS Percentile: 0.72523
Identifiers: GHSA-35hc-x2cw-2j4v, CVE-2018-0765
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-0765
- https://github.com/advisories/GHSA-35hc-x2cw-2j4v
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765
- http://www.securityfocus.com/bid/104060
- http://www.securitytracker.com/id/1040851
Affected Packages
nuget:System.Security.Cryptography.Xml
Dependent packages: 317Dependent repositories: 0
Downloads: 813,023,905 total
Affected Version Ranges: < 4.4.2
Fixed in: 4.4.2
All affected versions: 4.4.0, 4.4.1
All unaffected versions: 4.4.2, 4.5.0, 4.6.0, 4.7.0, 4.7.1, 5.0.0, 6.0.0, 6.0.1, 6.0.2, 7.0.0, 7.0.1, 8.0.0, 8.0.1, 8.0.2, 9.0.0