HIGH 7.5

GHSA-35hc-x2cw-2j4v

Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents

Details

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.

Are you affected?

Enter the version of the package you're using.

Affected packages

NuGet / System.Security.Cryptography.Xml

Introduced in: 0 Fixed in: 4.4.2

Fix dotnet add package System.Security.Cryptography.Xml --version 4.4.2

References

https://nvd.nist.gov/vuln/detail/CVE-2018-0765 [ADVISORY]
https://github.com/advisories/GHSA-35hc-x2cw-2j4v [ADVISORY]
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765 [WEB]
http://www.securityfocus.com/bid/104060 [WEB]
http://www.securitytracker.com/id/1040851 [WEB]