CVE-2020-1469
HIGH7.5EPSS 6.2%Infinite loop in .Net Bond
發布日:2022/4/8修改日:2024/2/20
描述
A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. Handling of large container lengths that could cause an infinite loop when deserializing some payloads.
受影響套件(1)
- NuGet/Bond.Core.CSharp>= 3.0.0, < 9.0.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
參考連結(7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-1469
- WEBhttps://github.com/microsoft/bond
- WEBhttps://github.com/microsoft/bond/commit/3afea822c42dd0095fedb9e7db9ebb99165e7343
- WEBhttps://github.com/microsoft/bond/commit/b0fd4a15a7cae946dd2855122559ca59cc34dbea
- WEBhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1469
- WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1469
- WEBhttps://www.nuget.org/packages/Bond.Core.CSharp/9.0.1