Lucene search
GoogleOSV:GHSA-RQRC-8Q8F-CP9CHistoryApr 08, 2022 - 6:11 p.m.
Infinite loop in .Net Bond
2022-04-0818:11:51
Google
osv.dev
23
0.002 Low
EPSS
Percentile
54.8%
A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka ‘Bond Denial of Service Vulnerability’. Handling of large container lengths that could cause an infinite loop when deserializing some payloads.
References
github.com/microsoft/bond
github.com/microsoft/bond/commit/3afea822c42dd0095fedb9e7db9ebb99165e7343
github.com/microsoft/bond/commit/b0fd4a15a7cae946dd2855122559ca59cc34dbea
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1469
nvd.nist.gov/vuln/detail/CVE-2020-1469
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1469
www.nuget.org/packages/Bond.Core.CSharp/9.0.1
Related
github
github
Infinite loop in .Net Bond
2022-04-08 18:11:51
mscve
mscve
Bond Denial of Service Vulnerability
2020-07-14 07:00:00
osv
osv
CVE-2020-1469
2020-07-14 23:15:20
cvelist
cvelist
CVE-2020-1469
2020-07-14 22:54:53
cve
cve
CVE-2020-1469
2020-07-14 23:15:20
prion
prion
Denial of service
2020-07-14 23:15:00
nvd
nvd
CVE-2020-1469
2020-07-14 23:15:20
gitlab
gitlab
Unrestricted Upload of File with Dangerous Type
2022-04-08 00:00:00
kaspersky
kaspersky
KLA11861 Multiple vulnerabilities in Microsoft Products (OSS)
2020-07-14 00:00:00
avleonov
avleonov