CVE-2018-0764

Impact:
Moderate
Public Date:
2017-11-17
CWE:
CWE-20
Bugzilla:
1533730: CVE-2018-0764 .NET Core: Improper processing of XML documents can cause a denial of service

The MITRE CVE dictionary describes this issue as:

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.

Find out more about CVE-2018-0764 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 5.3
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact Low

Red Hat Security Errata

Platform Errata Release Date
.NET Core 1.1 on Red Hat Enterprise Linux (rh-dotnetcore11-dotnetcore) RHSA-2018:0379 2018-03-01
.NET Core 1.0 on Red Hat Enterprise Linux (rh-dotnetcore10-dotnetcore) RHSA-2018:0379 2018-03-01
.NET Core 2.0 on Red Hat Enterprise Linux (rh-dotnet20-dotnet) RHSA-2018:0379 2018-03-01
Last Modified

CVE description copyright © 2017, The MITRE Corporation