CVE-2018-0875

7 documents7 sources

Severity

7.5HIGH

EPSS

16.9%

top 5.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation .net Core Microsoft Asp.net Core Microsoft Powershell Core

Timeline

PublishedMar 14

Latest updateMay 13

Description

.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDmicrosoft/powershell_core6.0

▶NuGetMicrosoft.NETCore.Jit2.0.0 — 2.0.6+2

▶NVDmicrosoft/asp.net_core1.0, 1.1, 2.0+2

▶CVEListV5microsoft_corporation/.net_core.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability".

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

.NET Core Denial of Service Vulnerability↗2022-05-13

▶

GHSA

.NET Core Denial of Service Vulnerability↗2022-05-13

▶

CVEList

CVE-2018-0875↗2018-03-14

▶

📋Vendor Advisories

Red Hat

Core: Hash Collision Denial of Service↗2018-03-13

▶

Microsoft

.NET Core Denial of Service Vulnerability↗2018-03-13

▶

💬Community

Bugzilla

CVE-2018-0875 .NET Core: Hash Collision Denial of Service↗2018-03-06

▶