Denial of Service Vulnerability in .NET Core and .NET Framework by Microsoft
CVE-2020-1108

7.5HIGH

Key Information:

Vendor: Microsoft
Status: .net Core; Microsoft Visual Studio 2017 Version 15.9 (includes 15.1 - 15.8); Microsoft Visual Studio 2019; Microsoft Visual Studio 2019 Version 16.4 (includes 16.0 - 16.3)
Vendor: CVE Published:; 21 May 2020

Summary

A vulnerability exists in .NET Core and .NET Framework that could lead to denial of service when they improperly handle web requests. This flaw may allow an attacker to overwhelm the affected application, causing it to crash or become unresponsive. Proper network hygiene and security measures should be implemented to mitigate the risks associated with this vulnerability. For detailed guidance, refer to the Microsoft security advisory.

Affected Version(s)

.NET Core 3.1

.NET Core 2.1

.NET Core 5.0 = unspecified

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 21, 2020
Vulnerability Reserved
Nov 4, 2019