CVE-2021-26701Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft NET Core 2.1

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources
Severity
8.1HIGHCNA
GHSA9.8OSV9.8
No vector
EPSS
2.7%
top 14.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Microsoft Visual Studio 2017 Version 15.9Microsoft Visual Studio 2019 Version 16.4Microsoft Visual Studio 2019 Version 16.7+10 more
Timeline
PublishedFeb 25
Latest updateMay 24

Description

.NET Core Remote Code Execution Vulnerability .NET Core Remote Code Execution Vulnerability

Affected Packages13 packages

CVEListV5microsoft/net_core_2.12.1publication
CVEListV5microsoft/net_core_3.13.1publication
CVEListV5microsoft/powershell_core_7.07.0.0publication
CVEListV5microsoft/powershell_core_7.17.1.0publication
CVEListV5microsoft/net_5.05.0.0publication

🔴Vulnerability Details

4
GHSA
.NET Core Remote Code Execution Vulnerability2022-05-24
GHSA
.NET Core Remote Code Execution Vulnerability2021-04-21
OSV
.NET Core Remote Code Execution Vulnerability2021-04-21
CVEList
.NET Core Remote Code Execution Vulnerability2021-02-25

📋Vendor Advisories

3
Palo Alto
Informational: Impact of Microsoft PowerShell Vulnerability CVE-2021-26701 on Cortex XSOAR2021-08-11
Red Hat
dotnet: System.Text.Encodings.Web Remote Code Execution2021-02-25
Microsoft
.NET Core Remote Code Execution Vulnerability2021-02-09
CVE-2021-26701 — Microsoft NET Core 2.1 vulnerability | cvebase