CVE-2018-0765

HIGH7.5EPSS 9.9%

Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents

Published: 10/16/2018Modified: 11/8/2023

Description

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.

Affected packages (1)

NuGet/System.Security.Cryptography.Xmlfrom 0, < 4.4.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (5)

ADVISORYhttps://github.com/advisories/GHSA-35hc-x2cw-2j4v
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-0765
WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765
WEBhttp://www.securityfocus.com/bid/104060
WEBhttp://www.securitytracker.com/id/1040851