Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2019-0820

Опубликовано: 21 мая 2019
Источник: msrc
EPSS Низкий

Описание

.NET Framework and .NET Core Denial of Service Vulnerability

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application.

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Framework (or .NET core) application.

The update addresses the vulnerability by correcting how .NET Framework and .NET Core applications handle RegEx string processing.

Обновления

ПродуктСтатьяОбновление
.NET Core 1.0
Release Notes
Security Update
.NET Core 1.1
Release Notes
Security Update
PowerShell Core 6.1
Release Notes
Security Update
.NET Core 2.1
Release Notes
Security Update
.NET Core 2.2
Release Notes
Security Update
PowerShell Core 6.2
Release Notes
Security Update
Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for x64-based Systems
4495620
Security Update
Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for 32-bit Systems
4495620
Security Update
Microsoft .NET Framework 3.5 on Windows Server, version 1903 (Server Core installation)
4495620
Security Update
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for 32-bit Systems
4499167
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

Permanent

EPSS

Процентиль: 84%
0.02248
Низкий

Связанные уязвимости

redhat логотип

CVE-2019-0820

CVSS3: 7.5
redhat
больше 6 лет назад

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.

nvd логотип

CVE-2019-0820

CVSS3: 7.5
nvd
больше 6 лет назад

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.

github логотип

GHSA-cmhx-cq75-c4mj

CVSS3: 7.5
github
около 4 лет назад

Regular Expression Denial of Service in System.Text.RegularExpressions

fstec логотип

BDU:2019-01933

CVSS3: 7.5
fstec
больше 6 лет назад

Уязвимость программных платформ .NET Core и Microsoft .NET Framework, связанная с ошибками при обработке регулярных выражений,позволяющая нарушителю вызвать отказ в обслуживании

oracle-oval логотип

ELSA-2019-1259

oracle-oval
около 6 лет назад

ELSA-2019-1259: dotnet security, bug fix, and enhancement update (IMPORTANT)

EPSS

Процентиль: 84%
0.02248
Низкий