Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJyM2MtZjU1di1xaHY1
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.
Permalink: https://github.com/advisories/GHSA-rr3c-f55v-qhv5JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJyM2MtZjU1di1xaHY1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 6 years ago
Updated: almost 2 years ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Percentage: 0.0041
EPSS Percentile: 0.74512
Identifiers: GHSA-rr3c-f55v-qhv5, CVE-2018-0764
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-0764
- https://access.redhat.com/errata/RHSA-2018:0379
- https://github.com/advisories/GHSA-rr3c-f55v-qhv5
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764
- http://www.securityfocus.com/bid/102387
- http://www.securitytracker.com/id/1040152
Affected Packages
nuget:System.Security.Cryptography.Xml
Dependent packages: 317Dependent repositories: 0
Downloads: 813,023,905 total
Affected Version Ranges: < 4.4.2
Fixed in: 4.4.2
All affected versions: 4.4.0, 4.4.1
All unaffected versions: 4.4.2, 4.5.0, 4.6.0, 4.7.0, 4.7.1, 5.0.0, 6.0.0, 6.0.1, 6.0.2, 7.0.0, 7.0.1, 8.0.0, 8.0.1, 8.0.2, 9.0.0