CVE-2020-0603

CWE-787 — Out-of-bounds Write CWE-119 — Buffer Overflow7 documents7 sources

Severity

8.8HIGH

EPSS

10.8%

top 6.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

3

Microsoft Asp.net Core Redhat Enterprise Linux Redhat Enterprise Linux EUS

Timeline

PublishedJan 14

Latest updateMay 24

Description

A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages14 packages

▶NuGetMicrosoft.AspNetCore.All2.1.0 — 2.1.15

▶NuGetMicrosoft.AspNetCore.App3.1.0 — 3.1.1+2

▶NuGetMicrosoft.AspNetCore.Http.Connections1.0.0 — 1.0.15

▶NuGetMicrosoft.AspNetCore.App.Runtime.osx-x643.1.0 — 3.1.1

▶NuGetMicrosoft.AspNetCore.App.Runtime.win-arm3.1.0 — 3.1.1

Also affects: Enterprise Linux 8.0, 8.1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

3

OSV

Remote code execution in ASP.NET Core↗2022-05-24

▶

GHSA

Remote code execution in ASP.NET Core↗2022-05-24

▶

CVEList

CVE-2020-0603: A remote code execution vulnerability exists in ASP↗2020-01-14

▶

📋Vendor Advisories

2

Red Hat

dotnet: Memory Corruption in SignalR↗2020-01-14

▶

Microsoft

ASP.NET Core Remote Code Execution Vulnerability↗2020-01-14

▶

💬Community

1

Bugzilla

CVE-2020-0603 dotnet: Memory Corruption in SignalR↗2020-01-09

▶

CVE-2020-0603 (HIGH CVSS 8.8) | A remote code execution vulnerabili | cvebase.io