5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
59.6%
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
A new version of .NET Core that address security vulnerabilities is now available. The updated version is .NET Core Runtime 2.1.11 and SDK 2.1.507.
Security Fix(es):
dotnet: NuGet Tampering Vulnerability (CVE-2019-0757)
dotnet: timeouts for regular expressions are not enforced (CVE-2019-0820)
dotnet: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980)
dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 8 | x86_64 | dotnet-host | <Â 2.1.11-2.el8_0 | dotnet-host-2.1.11-2.el8_0.x86_64.rpm |
RedHat | 8 | x86_64 | dotnet-debugsource | <Â 2.1.507-2.el8_0 | dotnet-debugsource-2.1.507-2.el8_0.x86_64.rpm |
RedHat | 8 | x86_64 | dotnet-host-debuginfo | <Â 2.1.11-2.el8_0 | dotnet-host-debuginfo-2.1.11-2.el8_0.x86_64.rpm |
RedHat | 8 | x86_64 | dotnet | <Â 2.1.507-2.el8_0 | dotnet-2.1.507-2.el8_0.x86_64.rpm |
RedHat | 8 | x86_64 | dotnet-runtime-2.1 | <Â 2.1.11-2.el8_0 | dotnet-runtime-2.1-2.1.11-2.el8_0.x86_64.rpm |
RedHat | 8 | x86_64 | dotnet-runtime-2.1-debuginfo | <Â 2.1.11-2.el8_0 | dotnet-runtime-2.1-debuginfo-2.1.11-2.el8_0.x86_64.rpm |
RedHat | 8 | x86_64 | dotnet-host-fxr-2.1-debuginfo | <Â 2.1.11-2.el8_0 | dotnet-host-fxr-2.1-debuginfo-2.1.11-2.el8_0.x86_64.rpm |
RedHat | 8 | x86_64 | dotnet-host-fxr-2.1 | <Â 2.1.11-2.el8_0 | dotnet-host-fxr-2.1-2.1.11-2.el8_0.x86_64.rpm |
RedHat | 8 | x86_64 | dotnet-sdk-2.1.5xx | <Â 2.1.507-2.el8_0 | dotnet-sdk-2.1.5xx-2.1.507-2.el8_0.x86_64.rpm |
RedHat | 8 | x86_64 | dotnet-sdk-2.1 | <Â 2.1.507-2.el8_0 | dotnet-sdk-2.1-2.1.507-2.el8_0.x86_64.rpm |
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
59.6%