Fluid Attacks Database

Description

Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
nuget	system.security.cryptography.xml	>=0 <4.4.2	4.4.2

Aliases

1. CVE-2018-07642. NVD-2018-07643. OSV-2018-07644. GHSA-rr3c-f55v-qhv55. GCVE-2018-07646. access.redhat.com

References

1. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-07642. http://www.securityfocus.com/bid/1023873. http://www.securitytracker.com/id/1040152

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.