CVE-2019-0864

Опубликовано: 14 мая 2019

Источник: msrc

EPSS Низкий

Описание

.NET Framework Denial of Service Vulnerability

A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

The security update addresses the vulnerability by correcting how .NET Framework handle objects in heap memory.

FAQ

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Обновления

Продукт	Статья	Обновление
Microsoft .NET Framework 3.5 on Windows Server, version 1903 (Server Core installation)	4495620	Security Update
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for 32-bit Systems	4499167	Security Update
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for x64-based Systems	4499167	Security Update
Microsoft .NET Framework 4.7.2 on Windows Server, version 1803 (Server Core Installation)	4499167	Security Update
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems	4499167	Security Update
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for 32-bit Systems	4499405	Security Update
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for x64-based Systems	4499405	Security Update
Microsoft .NET Framework 4.7.2 on Windows Server 2019	4499405	Security Update
Microsoft .NET Framework 4.7.2 on Windows Server 2019 (Server Core installation)	4499405	Security Update
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1	4499406 4498961	Monthly Rollup Security Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

Permanent

EPSS

Процентиль: 34%

0.00134

Низкий

Связанные уязвимости

CVE-2019-0864

CVSS3: 4.3

redhat

больше 6 лет назад

A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'.

CVE-2019-0864

CVSS3: 5.5

nvd

больше 6 лет назад

A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'.

GHSA-prjj-r5f6-p9xf

CVSS3: 5.5

github

больше 3 лет назад

A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'.

BDU:2019-01925

CVSS3: 5.5

fstec

больше 6 лет назад

Уязвимость программной платформы Microsoft .NET Framework, связанная с переполнением буфера, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 34%

0.00134

Низкий