Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM1aGMteDJjdy0yajR2

Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.

Permalink: https://github.com/advisories/GHSA-35hc-x2cw-2j4v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM1aGMteDJjdy0yajR2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: over 1 year ago

CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-35hc-x2cw-2j4v, CVE-2018-0765
References:

Blast Radius: 1.0

Affected Packages

nuget:System.Security.Cryptography.Xml

Dependent packages: 0
Dependent repositories: 0
Downloads: 668,223,888 total
Affected Version Ranges: < 4.4.2
Fixed in: 4.4.2
All affected versions: 4.4.0, 4.4.1
All unaffected versions: 4.4.2, 4.5.0, 4.6.0, 4.7.0, 4.7.1, 5.0.0, 6.0.0, 6.0.1, 7.0.0, 7.0.1, 8.0.0