CVE-2020-1469
HIGH7.5EPSS 6.2%Infinite loop in .Net Bond
Published: 4/8/2022Modified: 2/20/2024
Description
A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. Handling of large container lengths that could cause an infinite loop when deserializing some payloads.
Affected packages (1)
- NuGet/Bond.Core.CSharp>= 3.0.0, < 9.0.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-1469
- WEBhttps://github.com/microsoft/bond
- WEBhttps://github.com/microsoft/bond/commit/3afea822c42dd0095fedb9e7db9ebb99165e7343
- WEBhttps://github.com/microsoft/bond/commit/b0fd4a15a7cae946dd2855122559ca59cc34dbea
- WEBhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1469
- WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1469
- WEBhttps://www.nuget.org/packages/Bond.Core.CSharp/9.0.1