CVE-2019-0820

CWE-400Uncontrolled Resource ConsumptionCWE-1333CWE-83512 documents7 sources
Severity
7.5HIGH
EPSS
2.7%
top 14.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
49
Microsoft .net CoreMicrosoft Microsoft .net Framework 2.0Microsoft Microsoft .net Framework 3.0+46 more
Timeline
PublishedMay 16
Latest updateMay 24

Description

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages47 packages

Also affects: Enterprise Linux 8.0, 8.1, 8.2, 8.4, 8.6

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

5
GHSA
Denial of service in ASP.NET Core2022-05-24
GHSA
Denial of service in ASP.NET Core2022-05-24
GHSA
Regular Expression Denial of Service in System.Text.RegularExpressions2021-08-04
OSV
Regular Expression Denial of Service in System.Text.RegularExpressions2021-08-04
CVEList
CVE-2019-0820: A denial of service vulnerability exists when2019-05-16

📋Vendor Advisories

4
Red Hat
dotnet: timeouts for regular expressions are not enforced2019-05-14
Microsoft
.NET Framework and .NET Core Denial of Service Vulnerability2019-05-14
Red Hat
dotnet: infinite loop in Uri.TryCreate leading to ASP.Net Core Denial of Service2019-05-14
Red Hat
dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service2019-05-14

💬Community

2
Bugzilla
CVE-2019-5051 SDL2_image: missing error handler when loading a PCX file can lead to a heap-based buffer overflow and potential code execution2019-11-29
Bugzilla
CVE-2019-0820 dotnet: timeouts for regular expressions are not enforced2019-05-02