CVE-2021-24112

Опубликовано: 25 фев. 2021

Источник: redhat

CVSS3: 8.1

Описание

.NET Core Remote Code Execution Vulnerability

A flaw was found in dotnet. When a .NET application utilizing libgdiplus on a non-Windows system accepts input, this flaw allows an attacker to send a specially crafted request that could result in remote code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Отчет

Red Hat Enterprise Linux 8 and the .NET versions as shipped by Red Hat are not affected by this vulnerability since libgdiplus is an optional dependency for .NET and is currently not available for Red Hat Enterprise Linux.

Затронутые пакеты

Платформа	Пакет	Состояние
.NET Core 2.1 on Red Hat Enterprise Linux	rh-dotnet21	Not affected
.NET Core 3.1 on Red Hat Enterprise Linux	rh-dotnet31	Not affected
.NET Core 5.0 on Red Hat Enterprise Linux	rh-dotnet50	Not affected
Red Hat Enterprise Linux 8	dotnet	Not affected
Red Hat Enterprise Linux 8	dotnet3.1	Not affected
Red Hat Enterprise Linux 8	dotnet5.0	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

https://bugzilla.redhat.com/show_bug.cgi?id=1933741dotnet: Remote Code Execution Vulnerability

8.1 High

CVSS3

Связанные уязвимости

CVE-2021-24112

CVSS3: 8.1

nvd

почти 5 лет назад

.NET Core Remote Code Execution Vulnerability

CVE-2021-24112

CVSS3: 8.1

msrc

почти 5 лет назад

.NET Core Remote Code Execution Vulnerability

GHSA-rxg9-xrhp-64gj

CVSS3: 9.8

github

больше 3 лет назад

.NET Core Remote Code Execution Vulnerability

BDU:2021-00929

CVSS3: 8.1

fstec

почти 5 лет назад

Уязвимость программной платформы .NET Core, связанная недостаточной проверкой вводимых данных, позволяющая нарушителю выполнить произвольный код

8.1 High

CVSS3