Описание
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.
A memory corruption flaw was found in ASP.NET core. A client can write to freed memory on the server which could result in undefined behavior. An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code by sending specially crafted requests to an ASP.NET Core application.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| .NET Core 2.1 on Red Hat Enterprise Linux | rh-dotnet21 | Not affected | ||
| .NET Core 2.2 on Red Hat Enterprise Linux | rh-dotnet22 | Not affected | ||
| Red Hat Enterprise Linux 8 | dotnet | Not affected | ||
| Red Hat Enterprise Linux 8 | dotnet3.1 | Not affected | ||
| .NET Core on Red Hat Enterprise Linux | rh-dotnet30-dotnet | Fixed | RHSA-2020:0134 | 16.01.2020 |
| .NET Core on Red Hat Enterprise Linux | rh-dotnet31-dotnet | Fixed | RHSA-2020:0134 | 16.01.2020 |
| .NET Core on Red Hat Enterprise Linux | rh-dotnet30-dotnet | Fixed | RHSA-2020:0134 | 16.01.2020 |
| .NET Core on Red Hat Enterprise Linux | rh-dotnet31-dotnet | Fixed | RHSA-2020:0134 | 16.01.2020 |
| Red Hat Enterprise Linux 8 | dotnet3.0 | Fixed | RHSA-2020:0130 | 16.01.2020 |
Показывать по
Дополнительная информация
Статус:
8.1 High
CVSS3
Связанные уязвимости
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.
Уязвимость программной платформы ASP.NET Core, существующая из-за ошибок обработки объектов в памяти, позволяющая нарушителю выполнить произвольный код
ELSA-2020-0130: .NET Core on Red Hat Enterprise Linux security and bug fix update (CRITICAL)
8.1 High
CVSS3