CVE-2020-0789

CWE-594 documents4 sources

Severity

7.1HIGH

EPSS

0.3%

top 46.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Visual Studio 2019 Microsoft Microsoft Visual Studio 2019 Microsoft Microsoft Visual Studio 2019 Version 16.4 (includes 16.0 - 16.3)

Timeline

PublishedMar 12

Latest updateMay 24

Description

A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka 'Visual Studio Extension Installer Service Denial of Service Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

▶NVDmicrosoft/visual_studio_201916.0 — 16.4

▶CVEListV5microsoft/microsoft_visual_studio_201916.0

▶CVEListV5microsoft/microsoft_visual_studio_2019_version_16.4_(includes_16.0_-_16.3)unspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-9p8g-4m8r-qpv5: A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka 'Visual Studio Extensio↗2022-05-24

▶

CVEList

CVE-2020-0789: A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka 'Visual Studio Extensio↗2020-03-12

▶

📋Vendor Advisories

Microsoft

Visual Studio Extension Installer Service Denial of Service Vulnerability↗2020-03-10

▶