CVE-2018-0764 – system.security.cryptography.xml

Package

Manager: nuget
Name: system.security.cryptography.xml
Vulnerable Version: >=0 <4.4.2

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.22007 pctl0.95567

Details

Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.

Metadata

Created: 2018-10-16T17:34:00Z
Modified: 2022-04-27T19:25:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-rr3c-f55v-qhv5/GHSA-rr3c-f55v-qhv5.json
CWE IDs: []
Alternative ID: GHSA-rr3c-f55v-qhv5
Finding: F002
Auto approve: 1