CVE-2018-0765

HIGH7.5EPSS 9.9%

Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents

發布日:2018/10/16修改日:2023/11/8

描述

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.

受影響套件(1)

NuGet/System.Security.Cryptography.Xmlfrom 0, < 4.4.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(5)

ADVISORYhttps://github.com/advisories/GHSA-35hc-x2cw-2j4v
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-0765
WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765
WEBhttp://www.securityfocus.com/bid/104060
WEBhttp://www.securitytracker.com/id/1040851