CVE-2018-0764

CWE-20 — Improper Input Validation7 documents7 sources

Severity

7.5HIGH

EPSS

34.7%

top 2.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation .net Framework AND .net Core Microsoft .net Core Microsoft .net Framework +1 more

Timeline

PublishedJan 10

Latest updateOct 16

Description

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5microsoft_corporation/.net_framework_and_.net_coreMicrosoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0

▶NVDmicrosoft/.net_core1.0, 1.1, 2.0+2

▶NVDmicrosoft/powershell_core6.0

▶NVDmicrosoft/.net_framework10 versions+9

▶NuGetSystem.Security.Cryptography.Xml< 4.4.2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents↗2018-10-16

▶

GHSA

Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents↗2018-10-16

▶

CVEList

CVE-2018-0764: Microsoft↗2018-01-10

▶

📋Vendor Advisories

Microsoft

.NET and .NET Core Denial of Service Vulnerability↗2018-01-09

▶

Red Hat

Core: Improper processing of XML documents can cause a denial of service↗2017-11-17

▶

💬Community

Bugzilla

CVE-2018-0764 .NET Core: Improper processing of XML documents can cause a denial of service↗2018-01-12

▶