Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka .NET and .NET Core Denial Of Service Vulnerability. This CVE is unique from CVE-2018-0765.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| .net_core | Microsoft | 1.0 (including) | 1.0 (including) |
| .net_core | Microsoft | 1.1 (including) | 1.1 (including) |
| .net_core | Microsoft | 2.0 (including) | 2.0 (including) |
| Powershell_core | Microsoft | 6.0 (including) | 6.0 (including) |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnet20-dotnet-0:2.0.5-1.el7 | * |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7 | * |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7 | * |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnet20-dotnet-0:2.0.5-1.el7 | * |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7 | * |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7 | * |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnet20-dotnet-0:2.0.5-1.el7 | * |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7 | * |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7 | * |
References
- http://www.securityfocus.com/bid/102387
- http://www.securitytracker.com/id/1040152
- https://access.redhat.com/errata/RHSA-2018:0379
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764
- http://www.securityfocus.com/bid/102387
- http://www.securitytracker.com/id/1040152
- https://access.redhat.com/errata/RHSA-2018:0379
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764