Описание
ASP.NET Core and Visual Studio Denial of Service Vulnerability
A flaw was found in dotnet. Running callbacks outside of locks results in Krestel deadlock using HTTP2. The highest threat from this vulnerability is to system availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| .NET Core 2.1 on Red Hat Enterprise Linux | rh-dotnet21 | Not affected | ||
| Red Hat Enterprise Linux 8 | dotnet | Not affected | ||
| Red Hat Enterprise Linux 9 | dotnet3.1 | Not affected | ||
| .NET Core on Red Hat Enterprise Linux | rh-dotnet31-dotnet | Fixed | RHSA-2021:0114 | 13.01.2021 |
| .NET Core on Red Hat Enterprise Linux | rh-dotnet50-dotnet | Fixed | RHSA-2021:0096 | 13.01.2021 |
| Red Hat Enterprise Linux 8 | dotnet5.0 | Fixed | RHSA-2021:0094 | 13.01.2021 |
| Red Hat Enterprise Linux 8 | dotnet3.1 | Fixed | RHSA-2021:0095 | 13.01.2021 |
Показывать по
10
Дополнительная информация
Статус:
Important
Дефект:
CWE-833
https://bugzilla.redhat.com/show_bug.cgi?id=1914258dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2
EPSS
Процентиль: 87%
0.03386
Низкий
7.5 High
CVSS3
Связанные уязвимости
CVSS3: 7.5
nvd
больше 4 лет назад
ASP.NET Core and Visual Studio Denial of Service Vulnerability
CVSS3: 7.5
msrc
больше 4 лет назад
ASP.NET Core and Visual Studio Denial of Service Vulnerability
CVSS3: 7.5
github
около 3 лет назад
ASP.NET Core and Visual Studio Denial of Service Vulnerability
oracle-oval
больше 4 лет назад
ELSA-2021-0095: dotnet3.1 security and bugfix update (IMPORTANT)
oracle-oval
больше 4 лет назад
ELSA-2021-0094: dotnet5.0 security and bugfix update (IMPORTANT)
EPSS
Процентиль: 87%
0.03386
Низкий
7.5 High
CVSS3