CVE-2020-1108

Published: May 12, 2020
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.

An integer overflow condition was found in the BinaryReader Read7BitEncodedInt() method in dotnet and dotnet3.1. This method is used by BinaryReader's ReadString() method and, given a certain input, can cause a denial of service in dotnet applications using BinaryReader. Exploitation of this flaw depends on the application but does not inherently require the attacker to be authenticated or to have any specific privileges. An attacker could exploit this flaw remotely via the internet by sending crafted data to a dotnet application that is passed into Read7BitEncodedInt(), resulting in a denial of service when the output is used by ReadString().

Affected packages

| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | dotnet3.0 | Not affected | | |
| .NET Core on Red Hat Enterprise Linux | rh-dotnet21 | Fixed | RHSA-2020:2146 | 13.05.2020 |
| .NET Core on Red Hat Enterprise Linux | rh-dotnet21-dotnet | Fixed | RHSA-2020:2146 | 13.05.2020 |
| .NET Core on Red Hat Enterprise Linux | rh-dotnet21 | Fixed | RHSA-2020:2476 | 10.06.2020 |
| .NET Core on Red Hat Enterprise Linux | rh-dotnet21-dotnet | Fixed | RHSA-2020:2476 | 10.06.2020 |
| .NET Core on Red Hat Enterprise Linux | rh-dotnet31-dotnet | Fixed | RHSA-2020:2249 | 21.05.2020 |
| .NET Core on Red Hat Enterprise Linux | rh-dotnet31-dotnet | Fixed | RHSA-2020:2475 | 10.06.2020 |
| Red Hat Enterprise Linux 8 | dotnet | Fixed | RHSA-2020:2143 | 13.05.2020 |
| Red Hat Enterprise Linux 8 | dotnet3.1 | Fixed | RHSA-2020:2250 | 21.05.2020 |
| Red Hat Enterprise Linux 8 | dotnet3.1 | Fixed | RHSA-2020:2450 | 09.06.2020 |

Additional information

Status: Important
Defect: CWE-20->CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1827643 dotnet: Denial of service via untrusted input

EPSS: 0.03788 (Low), percentile: 88%
CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
nvd
more than 5 years ago

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.

msrc
more than 5 years ago

.NET Core & .NET Framework Denial of Service Vulnerability

CVSS3: 7.5
github
more than 3 years ago

.NET Core & .NET Framework Denial of Service Vulnerability

oracle-oval
more than 5 years ago

ELSA-2020-2471: .NET Core on Red Hat Enterprise Linux 8 security update (IMPORTANT)

oracle-oval
more than 5 years ago

ELSA-2020-2450: .NET Core 3.1 on Red Hat Enterprise Linux 8 security update (IMPORTANT)
