CVE-2020-0602

CWE-400 — Uncontrolled Resource Consumption7 documents7 sources

Severity

7.5HIGH

EPSS

4.0%

top 11.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Asp.net Core Redhat Enterprise Linux Redhat Enterprise Linux EUS

Timeline

PublishedJan 14

Latest updateMay 24

Description

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages13 packages

▶NuGetMicrosoft.AspNetCore.All2.1.0 — 2.1.15

▶NuGetMicrosoft.AspNetCore.App3.1.0 — 3.1.1+2

▶NuGetMicrosoft.AspNetCore.Http.Connections1.0.0 — 1.0.15

▶NuGetMicrosoft.AspNetCore.App.Runtime.osx-x643.1.0 — 3.1.1

▶NuGetMicrosoft.AspNetCore.App.Runtime.win-arm3.1.0 — 3.1.1

Also affects: Enterprise Linux 8.0, 8.1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

Denial of service in ASP.NET Core↗2022-05-24

▶

GHSA

Denial of service in ASP.NET Core↗2022-05-24

▶

CVEList

CVE-2020-0602: A denial of service vulnerability exists when ASP↗2020-01-14

▶

📋Vendor Advisories

Red Hat

dotnet: Denial of service via backpressure issue↗2020-01-14

▶

Microsoft

ASP.NET Core Denial of Service Vulnerability↗2020-01-14

▶

💬Community

Bugzilla

CVE-2020-0602 dotnet: Denial of service via backpressure issue↗2020-01-09

▶