HIGH 7.5

GHSA-rr3c-f55v-qhv5

Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents

Details

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.

Are you affected?

Enter the version of the package you're using.

Affected packages

NuGet / System.Security.Cryptography.Xml

Introduced in: 0 Fixed in: 4.4.2

Fix dotnet add package System.Security.Cryptography.Xml --version 4.4.2

References

https://nvd.nist.gov/vuln/detail/CVE-2018-0764 [ADVISORY]
https://access.redhat.com/errata/RHSA-2018:0379 [WEB]
https://github.com/advisories/GHSA-rr3c-f55v-qhv5 [ADVISORY]
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764 [WEB]
http://www.securityfocus.com/bid/102387 [WEB]
http://www.securitytracker.com/id/1040152 [WEB]