CVE-2018-0765 — XML External Entity (XXE) Injection in Microsoft NET Core
Severity
7.5HIGHNVD
EPSS
9.9%
top 6.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 9
Latest updateOct 16
Description
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages2 packages
Patches
🔴Vulnerability Details
4OSV▶
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents↗2018-10-16
GHSA▶
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents↗2018-10-16
GHSA▶
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents↗2018-10-16
📋Vendor Advisories
3💬Community
1Bugzilla▶
CVE-2018-0765 dotnet: Improper processing of XML documents can allow a remote attacker to cause a denial of service↗2018-05-10