CVE-2018-0765: A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability."…

high7.5CVSS 3.0

AVNACLPRNUINSUCNINAH

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.

Affected

29 ranges· showing 25

Vendor	Product	Version range	Fixed in
microsoft	net_core	—	—
microsoft	net_core	—	—
microsoft	net_core	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	powershell_core	—	—
microsoft_corporation	net_framework_and_net_core	—	—
msrc	microsoft_net_framework_2.0_service_pack_2	—	—
msrc	microsoft_net_framework_3.0_service_pack_2	—	—
msrc	microsoft_net_framework_3.5	—	—
msrc	microsoft_net_framework_3.5.1	—	—
msrc	microsoft_net_framework_4.5.2	—	—
msrc	microsoft_net_framework_4.6	—	—
msrc	microsoft_net_framework_4.6.2_4.7_4.7.1	—	—
msrc	microsoft_net_framework_4.6_4.6.1_4.6.2	—	—
msrc	microsoft_net_framework_4.6_4.6.1_4.6.2_4.7_4.7.1	—	—

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

ghsa7.5HIGH

osv7.5HIGH