CVE-2020-16937

CWE-200 — Information Exposure5 documents5 sources

Severity

5.5MEDIUM

EPSS

8.7%

top 7.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

13

Microsoft Microsoft .net Framework 2.0 Service Pack 2 Microsoft Microsoft .net Framework 3.5 Microsoft Microsoft .net Framework 3.5.1 +10 more

Timeline

PublishedOct 16

Latest updateMay 24

Description

An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory. To exploit the vulnerability, an authenticated attacker would need to run a specially crafted application. The update addresses the vulnerability by correcting how the .NET Framework handles objects in memory.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages13 packages

▶CVEListV5microsoft/microsoft_.net_framework_3.53.5.0 — publication

▶CVEListV5microsoft/microsoft_.net_framework_4.64.0.0.0 — publication

▶CVEListV5microsoft/microsoft_.net_framework_4.84.8.0 — publication

▶CVEListV5microsoft/microsoft_.net_framework_3.5.13.5.0 — publication

▶CVEListV5microsoft/microsoft_.net_framework_4.5.24.0.0.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-rc5w-jj6x-53wj: An information disclosure vulnerability exists when the↗2022-05-24

▶

CVEList

.NET Framework Information Disclosure Vulnerability↗2020-10-16

▶

📋Vendor Advisories

2

Red Hat

dotnet: .NET Framework improperly handles objects in memory which could result in Information Disclosure↗2020-10-21

▶

Microsoft

.NET Framework Information Disclosure Vulnerability↗2020-10-13

▶