CVE-2021-24111

Опубликовано: 09 фев. 2021

Источник: msrc

CVSS3: 7.5

EPSS Средний

Описание

.NET Framework Denial of Service Vulnerability

FAQ

I am running Windows Server 2008, Windows 7, or Windows Server 2008 R2 and I cannot install the Security Only updates for any of the 4.X versions of Microsoft .NET Framework. How do I protect my system from this vulnerability?

There is a known issue with the Monthly Rollup and Security Only updates for the 4.X versions of .NET Framework installed on Windows Server 2008, Windows 7, and Windows Server 2008 R2.

If you are unable to install a Monthly Rollup Security Only update, a version 2 is available that addresses the known issue. See the How to obtain and install the update section of the Article for the update you are attempting to install.
If you are unable to install a Security Only update Monthly Rollup, for a workaround to this known issue see the Known issues in this update section of the Article for the update you are attempting to install.

Обновления

Продукт	Статья	Обновление
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012	4603003 4602959	Monthly Rollup Security Only
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)	4603003 4602959	Monthly Rollup Security Only
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	4603002 4602958	Monthly Rollup Security Only
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1	4603002 4602958	Monthly Rollup Security Only
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1	4603002 4602958	Monthly Rollup Security Only
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1	4603002 4602958	Monthly Rollup Security Only
Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for 32-bit Systems	4601887	Security Update
Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for x64-based Systems	4601887	Security Update
Microsoft .NET Framework 4.8 on Windows Server 2019 (Server Core installation)	4601887	Security Update
Microsoft .NET Framework 4.8 on Windows Server 2019	4601887	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 96%

0.24574

Средний

7.5 High

CVSS3

Связанные уязвимости

CVE-2021-24111

CVSS3: 7.5

redhat

почти 5 лет назад

.NET Framework Denial of Service Vulnerability

CVE-2021-24111

CVSS3: 7.5

nvd

почти 5 лет назад

.NET Framework Denial of Service Vulnerability

GHSA-m42j-hmvj-q2c6

CVSS3: 7.5

github

больше 3 лет назад

.NET Framework Denial of Service Vulnerability

BDU:2021-00897

CVSS3: 7.5

fstec

почти 5 лет назад

Уязвимость программной платформы Microsoft.NET Framework, связанная недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 96%

0.24574

Средний

7.5 High

CVSS3