logo

Database

XML injection (XXE) In system.security.cryptography.xml

Description

Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-07652. NVD-2018-07653. OSV-2018-07654. GHSA-35hc-x2cw-2j4v5. GCVE-2018-0765

References

1. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-07652. http://www.securityfocus.com/bid/1040603. http://www.securitytracker.com/id/1040851

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.