vulnerability
Oracle Linux: CVE-2020-1108: ELSA-2020-2250: dotnet3.1 security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | May 12, 2020 | May 15, 2020 | Jan 7, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
May 12, 2020
Added
May 15, 2020
Modified
Jan 7, 2025
Description
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
An integer overflow condition was found in dotnet and dotnet3.1's BinaryReader Read7BitEncodedInt() method. This method is used by BinaryReader's ReadString() method, and given a certain input, and cause a denial of service to dotnet applications using BinaryReader. The exploitation of this flaw depends on the application but does not inherently require the attacker to be authenticated or have any specific privileges. An attacker could exploit this flaw remotely via the internet by sending crafted data to a dotnet application that is passed into Read7BitEncodedInt(), resulting in a denial of service when the output is used by ReadString().
An integer overflow condition was found in dotnet and dotnet3.1's BinaryReader Read7BitEncodedInt() method. This method is used by BinaryReader's ReadString() method, and given a certain input, and cause a denial of service to dotnet applications using BinaryReader. The exploitation of this flaw depends on the application but does not inherently require the attacker to be authenticated or have any specific privileges. An attacker could exploit this flaw remotely via the internet by sending crafted data to a dotnet application that is passed into Read7BitEncodedInt(), resulting in a denial of service when the output is used by ReadString().
Solution(s)
oracle-linux-upgrade-aspnetcore-runtime-3-1oracle-linux-upgrade-aspnetcore-targeting-pack-3-1oracle-linux-upgrade-dotnetoracle-linux-upgrade-dotnet-apphost-pack-3-1oracle-linux-upgrade-dotnet-hostoracle-linux-upgrade-dotnet-host-fxr-2-1oracle-linux-upgrade-dotnet-hostfxr-3-1oracle-linux-upgrade-dotnet-runtime-2-1oracle-linux-upgrade-dotnet-runtime-3-1oracle-linux-upgrade-dotnet-sdk-2-1oracle-linux-upgrade-dotnet-sdk-2-1-5xxoracle-linux-upgrade-dotnet-sdk-3-1oracle-linux-upgrade-dotnet-targeting-pack-3-1oracle-linux-upgrade-dotnet-templates-3-1oracle-linux-upgrade-netstandard-targeting-pack-2-1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.