vulnerability
Oracle Linux: CVE-2020-1108: ELSA-2020-2250: dotnet3.1 security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | 2020-05-12 | 2020-05-15 | 2025-01-07 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
2020-05-12
Added
2020-05-15
Modified
2025-01-07
Description
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
An integer overflow condition was found in dotnet and dotnet3.1's BinaryReader Read7BitEncodedInt() method. This method is used by BinaryReader's ReadString() method, and given a certain input, and cause a denial of service to dotnet applications using BinaryReader. The exploitation of this flaw depends on the application but does not inherently require the attacker to be authenticated or have any specific privileges. An attacker could exploit this flaw remotely via the internet by sending crafted data to a dotnet application that is passed into Read7BitEncodedInt(), resulting in a denial of service when the output is used by ReadString().
An integer overflow condition was found in dotnet and dotnet3.1's BinaryReader Read7BitEncodedInt() method. This method is used by BinaryReader's ReadString() method, and given a certain input, and cause a denial of service to dotnet applications using BinaryReader. The exploitation of this flaw depends on the application but does not inherently require the attacker to be authenticated or have any specific privileges. An attacker could exploit this flaw remotely via the internet by sending crafted data to a dotnet application that is passed into Read7BitEncodedInt(), resulting in a denial of service when the output is used by ReadString().
Solution(s)
oracle-linux-upgrade-aspnetcore-runtime-3-1oracle-linux-upgrade-aspnetcore-targeting-pack-3-1oracle-linux-upgrade-dotnetoracle-linux-upgrade-dotnet-apphost-pack-3-1oracle-linux-upgrade-dotnet-hostoracle-linux-upgrade-dotnet-host-fxr-2-1oracle-linux-upgrade-dotnet-hostfxr-3-1oracle-linux-upgrade-dotnet-runtime-2-1oracle-linux-upgrade-dotnet-runtime-3-1oracle-linux-upgrade-dotnet-sdk-2-1oracle-linux-upgrade-dotnet-sdk-2-1-5xxoracle-linux-upgrade-dotnet-sdk-3-1oracle-linux-upgrade-dotnet-targeting-pack-3-1oracle-linux-upgrade-dotnet-templates-3-1oracle-linux-upgrade-netstandard-targeting-pack-2-1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.