CVE-2019-1301

Impact:
Moderate
Public Date:
2019-09-10
CWE:
CWE-20
Bugzilla:
1750793: CVE-2019-1301 dotnet: System.Net.Sockets.dll Socket.ConnectAsync Denial of Service

The MITRE CVE dictionary describes this issue as:

A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'.

Find out more about CVE-2019-1301 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 5.9
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
.NET Core on Red Hat Enterprise Linux (rh-dotnet21) RHSA-2019:2732 2019-09-12
.NET Core on Red Hat Enterprise Linux (rh-dotnet22) RHSA-2019:2732 2019-09-12
Red Hat Enterprise Linux 8 (dotnet) RHSA-2019:2731 2019-09-12

External References

Last Modified

CVE description copyright © 2017, The MITRE Corporation