{ "threat_severity" : "Important", "public_date" : "2026-05-12T16:59:06Z", "bugzilla" : { "description" : "dotnet: .NET: infinite loop allows an attacker to cause a denial of service", "id" : "2476605", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2476605" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-835", "details" : [ "Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.", "A flaw was found in dotnet. An infinite loop in ASP.NET Core allows an unauthenticated remote attacker to cause a denial of service over a network. This issue can lead to an application crash and a high consumption of system resources." ], "statement" : "As this flaw allows an unauthenticated remote attacker to cause a denial of service, it has been rated with an important severity.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-05-27T00:00:00Z", "advisory" : "RHSA-2026:21286", "cpe" : "cpe:/o:redhat:enterprise_linux:10.2", "package" : "dotnet8.0-0:8.0.127-1.el10_2" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-05-28T00:00:00Z", "advisory" : "RHSA-2026:21754", "cpe" : "cpe:/o:redhat:enterprise_linux:10.2", "package" : "dotnet9.0-0:9.0.117-1.el10_2" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-05-27T00:00:00Z", "advisory" : "RHSA-2026:21291", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "dotnet8.0-0:8.0.127-1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-05-27T00:00:00Z", "advisory" : "RHSA-2026:21294", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "dotnet9.0-0:9.0.117-1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-05-27T00:00:00Z", "advisory" : "RHSA-2026:21295", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "dotnet10.0-0:10.0.108-1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-05-27T00:00:00Z", "advisory" : "RHSA-2026:21293", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "dotnet8.0-0:8.0.127-1.el9_8" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-05-27T00:00:00Z", "advisory" : "RHSA-2026:21296", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "dotnet9.0-0:9.0.117-1.el9_8" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-05-27T00:00:00Z", "advisory" : "RHSA-2026:21297", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "dotnet10.0-0:10.0.108-1.el9_8" }, { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-05-14T00:00:00Z", "advisory" : "RHSA-2026:17464", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "dotnet10-0-main-10.0.108-1.hum1" }, { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-05-14T00:00:00Z", "advisory" : "RHSA-2026:17527", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "dotnet9-0-main-9.0.117-1.hum1" }, { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-05-14T00:00:00Z", "advisory" : "RHSA-2026:17682", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "dotnet8-0-main-8.0.127-1.hum1" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "dotnet10.0", "cpe" : "cpe:/o:redhat:enterprise_linux:10" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-42899\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-42899\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42899" ], "name" : "CVE-2026-42899", "mitigation" : { "value" : "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "lang" : "en:us" }, "csaw" : false }