CVE-2020-1108

描述

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.

受影響套件(15)

• Bitnami/dotnet>= 5.0-preview1.0, <= 5.0-preview1.0, >= 5.0-preview2.0, <= 5.0-preview2.0, >= 5.0-preview3.0, <= 5.0-preview3.0
• Bitnami/dotnet-sdk>= 5.0-preview1.0, <= 5.0-preview1.0, >= 5.0-preview2.0, <= 5.0-preview2.0, >= 5.0-preview3.0, <= 5.0-preview3.0
• Bitnami/powershell>= 7.0.0, <= 7.0.0
• NuGet/Microsoft.NETCore.App>= 2.1.0, < 2.1.18
• NuGet/Microsoft.NETCore.App.Runtime.linux-arm>= 3.1.0, < 3.1.4
• NuGet/Microsoft.NETCore.App.Runtime.linux-arm64>= 3.1.0, < 3.1.4
• NuGet/Microsoft.NETCore.App.Runtime.linux-musl-arm64>= 3.1.0, < 3.1.4
• NuGet/Microsoft.NETCore.App.Runtime.linux-musl-x64>= 3.1.0, < 3.1.4
• NuGet/Microsoft.NETCore.App.Runtime.linux-x64>= 3.1.0, < 3.1.4
• NuGet/Microsoft.NETCore.App.Runtime.osx-x64>= 3.1.0, < 3.1.4
• NuGet/Microsoft.NETCore.App.Runtime.rhel.6-x64>= 3.1.0, < 3.1.4
• NuGet/Microsoft.NETCore.App.Runtime.win-arm>= 3.1.0, < 3.1.4
• NuGet/Microsoft.NETCore.App.Runtime.win-arm64>= 3.1.0, < 3.1.4
• NuGet/Microsoft.NETCore.App.Runtime.win-x64>= 3.1.0, < 3.1.4
• NuGet/Microsoft.NETCore.App.Runtime.win-x86>= 3.1.0, < 3.1.4

CVSS 分數

參考連結(3)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-1108
• WEBhttps://github.com/dotnet/announcements/issues/157
• WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108