CVE-2018-0765 – system.security.cryptography.xml

Package

Manager: nuget
Name: system.security.cryptography.xml
Vulnerable Version: >=0 <4.4.2

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.07821 pctl0.91628

Details

Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.

Metadata

Created: 2018-10-16T19:54:06Z
Modified: 2022-04-26T19:04:54Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-35hc-x2cw-2j4v/GHSA-35hc-x2cw-2j4v.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-35hc-x2cw-2j4v
Finding: F083
Auto approve: 1