logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2021-31957 microsoft.netcore.app.ref

Package

Manager: nuget
Name: microsoft.netcore.app.ref
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: N/A

EPSS: 0.03841 pctl0.87726

Details

ASP.NET Core Denial of Service Vulnerability # Withdrawn This advisory was initially published and mapped incorrectly to nuget `Microsoft.NETCore.App.Ref`. We later reanalyzed this advisory and found it does not have a direct mapping to a NuGet package. Thus we have withdrawn this advisory. The underlying ASP.NET Core Denial of Service Vulnerability and CVE-2021-31957 remain legitimate. # Description. Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists when ASP.NET Core improperly handles client disconnect. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. ### Patches * If you're using .NET 5.0, you should download and install Runtime 5.0.7 or SDK 5.0.204 (for Visual Studio 2019 v16.8) or SDK 5.0.301 (for Visual Studio 2019 16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0. * If you're using .NET Core 3.1, you should download and install Runtime 3.1.16 or SDK 3.1.116 (for Visual Studio 2019 v16.4) or 3.1.410 (for Visual Studio 2019 v16.5 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1. #### Other Details - Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/188 - An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/33369 - MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31957

Metadata

Created: 2021-10-06T00:23:01Z
Modified: 2021-10-06T00:23:01Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-mcwm-2wmc-6hv4/GHSA-mcwm-2wmc-6hv4.json
CWE IDs: []
Alternative ID: GHSA-mcwm-2wmc-6hv4
Finding: N/A
Auto approve: 0