Action not permitted
Modal body text goes here.
CVE-2021-1723
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:18:11.552Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "ASP.NET Core 3.1", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "3.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:asp.net_core:5.0:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "ASP.NET Core 5.0", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "5.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "16.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.8", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "16.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] } ], "datePublic": "2021-01-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "ASP.NET Core and Visual Studio Denial of Service Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en-US", "type": "Impact" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-08T16:17:31.472Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1723" } ], "title": "ASP.NET Core and Visual Studio Denial of Service Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2021-1723", "datePublished": "2021-01-12T19:42:47", "dateReserved": "2020-12-02T00:00:00", "dateUpdated": "2024-10-08T16:17:31.472Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-1723\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2021-01-12T20:15:34.993\",\"lastModified\":\"2024-10-08T17:15:27.613\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ASP.NET Core and Visual Studio Denial of Service Vulnerability\"},{\"lang\":\"es\",\"value\":\"Una Vulnerabilidad de Denegaci\u00f3n de Servicio de ASP.NET Core y Visual Studio\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1\",\"versionEndIncluding\":\"3.1.10\",\"matchCriteriaId\":\"C21F09B3-A69F-43B9-B35E-EBF93314F31E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndIncluding\":\"5.0.1\",\"matchCriteriaId\":\"7C91649F-55B9-4675-BA0F-2B876A73D9A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndIncluding\":\"16.8\",\"matchCriteriaId\":\"FD824DE6-3564-4B7D-B45C-2EEE1F84C9D2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1723\",\"source\":\"secure@microsoft.com\"}]}}" } }
rhsa-2021_0094
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.102 and .NET Runtime 5.0.2.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2 (CVE-2021-1723)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0094", "url": "https://access.redhat.com/errata/RHSA-2021:0094" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1914258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914258" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0094.json" } ], "title": "Red Hat Security Advisory: dotnet5.0 security and bugfix update", "tracking": { "current_release_date": "2024-11-22T16:15:28+00:00", "generator": { "date": "2024-11-22T16:15:28+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0094", "initial_release_date": "2021-01-13T15:03:10+00:00", "revision_history": [ { "date": "2021-01-13T15:03:10+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-01-13T15:03:10+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T16:15:28+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "aspnetcore-runtime-5.0-0:5.0.2-2.el8_3.x86_64", "product": { "name": "aspnetcore-runtime-5.0-0:5.0.2-2.el8_3.x86_64", "product_id": "aspnetcore-runtime-5.0-0:5.0.2-2.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-runtime-5.0@5.0.2-2.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "aspnetcore-targeting-pack-5.0-0:5.0.2-2.el8_3.x86_64", "product": { "name": "aspnetcore-targeting-pack-5.0-0:5.0.2-2.el8_3.x86_64", "product_id": "aspnetcore-targeting-pack-5.0-0:5.0.2-2.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-5.0@5.0.2-2.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-0:5.0.102-2.el8_3.x86_64", "product": { "name": "dotnet-0:5.0.102-2.el8_3.x86_64", "product_id": "dotnet-0:5.0.102-2.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet@5.0.102-2.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-5.0-0:5.0.2-2.el8_3.x86_64", "product": { "name": "dotnet-apphost-pack-5.0-0:5.0.2-2.el8_3.x86_64", "product_id": "dotnet-apphost-pack-5.0-0:5.0.2-2.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-5.0@5.0.2-2.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-host-0:5.0.2-2.el8_3.x86_64", "product": { "name": "dotnet-host-0:5.0.2-2.el8_3.x86_64", "product_id": "dotnet-host-0:5.0.2-2.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host@5.0.2-2.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-5.0-0:5.0.2-2.el8_3.x86_64", "product": { "name": "dotnet-hostfxr-5.0-0:5.0.2-2.el8_3.x86_64", "product_id": "dotnet-hostfxr-5.0-0:5.0.2-2.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-5.0@5.0.2-2.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-5.0-0:5.0.2-2.el8_3.x86_64", "product": { "name": "dotnet-runtime-5.0-0:5.0.2-2.el8_3.x86_64", "product_id": "dotnet-runtime-5.0-0:5.0.2-2.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-5.0@5.0.2-2.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-5.0-0:5.0.102-2.el8_3.x86_64", "product": { "name": "dotnet-sdk-5.0-0:5.0.102-2.el8_3.x86_64", "product_id": "dotnet-sdk-5.0-0:5.0.102-2.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-5.0@5.0.102-2.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-targeting-pack-5.0-0:5.0.2-2.el8_3.x86_64", "product": { "name": "dotnet-targeting-pack-5.0-0:5.0.2-2.el8_3.x86_64", "product_id": "dotnet-targeting-pack-5.0-0:5.0.2-2.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-targeting-pack-5.0@5.0.2-2.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-templates-5.0-0:5.0.102-2.el8_3.x86_64", "product": { "name": "dotnet-templates-5.0-0:5.0.102-2.el8_3.x86_64", "product_id": "dotnet-templates-5.0-0:5.0.102-2.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-templates-5.0@5.0.102-2.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "netstandard-targeting-pack-2.1-0:5.0.102-2.el8_3.x86_64", "product": { "name": "netstandard-targeting-pack-2.1-0:5.0.102-2.el8_3.x86_64", "product_id": "netstandard-targeting-pack-2.1-0:5.0.102-2.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@5.0.102-2.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet5.0-debugsource-0:5.0.102-2.el8_3.x86_64", "product": { "name": "dotnet5.0-debugsource-0:5.0.102-2.el8_3.x86_64", "product_id": "dotnet5.0-debugsource-0:5.0.102-2.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet5.0-debugsource@5.0.102-2.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "product": { "name": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "product_id": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-5.0-debuginfo@5.0.2-2.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-host-debuginfo-0:5.0.2-2.el8_3.x86_64", "product": { "name": "dotnet-host-debuginfo-0:5.0.2-2.el8_3.x86_64", "product_id": "dotnet-host-debuginfo-0:5.0.2-2.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host-debuginfo@5.0.2-2.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "product": { "name": "dotnet-hostfxr-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "product_id": "dotnet-hostfxr-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-5.0-debuginfo@5.0.2-2.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "product": { "name": "dotnet-runtime-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "product_id": "dotnet-runtime-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-5.0-debuginfo@5.0.2-2.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-5.0-debuginfo-0:5.0.102-2.el8_3.x86_64", "product": { "name": "dotnet-sdk-5.0-debuginfo-0:5.0.102-2.el8_3.x86_64", "product_id": "dotnet-sdk-5.0-debuginfo-0:5.0.102-2.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-5.0-debuginfo@5.0.102-2.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet5.0-debuginfo-0:5.0.102-2.el8_3.x86_64", "product": { "name": "dotnet5.0-debuginfo-0:5.0.102-2.el8_3.x86_64", "product_id": "dotnet5.0-debuginfo-0:5.0.102-2.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet5.0-debuginfo@5.0.102-2.el8_3?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "dotnet5.0-0:5.0.102-2.el8_3.src", "product": { "name": "dotnet5.0-0:5.0.102-2.el8_3.src", "product_id": "dotnet5.0-0:5.0.102-2.el8_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet5.0@5.0.102-2.el8_3?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-5.0-0:5.0.2-2.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.2-2.el8_3.x86_64" }, "product_reference": "aspnetcore-runtime-5.0-0:5.0.2-2.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-5.0-0:5.0.2-2.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.2-2.el8_3.x86_64" }, "product_reference": "aspnetcore-targeting-pack-5.0-0:5.0.2-2.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-0:5.0.102-2.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-0:5.0.102-2.el8_3.x86_64" }, "product_reference": "dotnet-0:5.0.102-2.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-5.0-0:5.0.2-2.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.2-2.el8_3.x86_64" }, "product_reference": "dotnet-apphost-pack-5.0-0:5.0.2-2.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64" }, "product_reference": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-0:5.0.2-2.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-host-0:5.0.2-2.el8_3.x86_64" }, "product_reference": "dotnet-host-0:5.0.2-2.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-debuginfo-0:5.0.2-2.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-host-debuginfo-0:5.0.2-2.el8_3.x86_64" }, "product_reference": "dotnet-host-debuginfo-0:5.0.2-2.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-5.0-0:5.0.2-2.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.2-2.el8_3.x86_64" }, "product_reference": "dotnet-hostfxr-5.0-0:5.0.2-2.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64" }, "product_reference": "dotnet-hostfxr-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-5.0-0:5.0.2-2.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.2-2.el8_3.x86_64" }, "product_reference": "dotnet-runtime-5.0-0:5.0.2-2.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64" }, "product_reference": "dotnet-runtime-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-5.0-0:5.0.102-2.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.102-2.el8_3.x86_64" }, "product_reference": "dotnet-sdk-5.0-0:5.0.102-2.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-5.0-debuginfo-0:5.0.102-2.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.102-2.el8_3.x86_64" }, "product_reference": "dotnet-sdk-5.0-debuginfo-0:5.0.102-2.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-5.0-0:5.0.2-2.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.2-2.el8_3.x86_64" }, "product_reference": "dotnet-targeting-pack-5.0-0:5.0.2-2.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-5.0-0:5.0.102-2.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-templates-5.0-0:5.0.102-2.el8_3.x86_64" }, "product_reference": "dotnet-templates-5.0-0:5.0.102-2.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet5.0-0:5.0.102-2.el8_3.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet5.0-0:5.0.102-2.el8_3.src" }, "product_reference": "dotnet5.0-0:5.0.102-2.el8_3.src", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet5.0-debuginfo-0:5.0.102-2.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.102-2.el8_3.x86_64" }, "product_reference": "dotnet5.0-debuginfo-0:5.0.102-2.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet5.0-debugsource-0:5.0.102-2.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.102-2.el8_3.x86_64" }, "product_reference": "dotnet5.0-debugsource-0:5.0.102-2.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "netstandard-targeting-pack-2.1-0:5.0.102-2.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:netstandard-targeting-pack-2.1-0:5.0.102-2.el8_3.x86_64" }, "product_reference": "netstandard-targeting-pack-2.1-0:5.0.102-2.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-1723", "cwe": { "id": "CWE-833", "name": "Deadlock" }, "discovery_date": "2021-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1914258" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. Running callbacks outside of locks results in Krestel deadlock using HTTP2. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-0:5.0.102-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-host-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-host-debuginfo-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.102-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.102-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-templates-5.0-0:5.0.102-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet5.0-0:5.0.102-2.el8_3.src", "AppStream-8.3.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.102-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.102-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:netstandard-targeting-pack-2.1-0:5.0.102-2.el8_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-1723" }, { "category": "external", "summary": "RHBZ#1914258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914258" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-1723", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1723" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-1723", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1723" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/170", "url": "https://github.com/dotnet/announcements/issues/170" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1723", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1723" } ], "release_date": "2021-01-12T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-13T15:03:10+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-0:5.0.102-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-host-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-host-debuginfo-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.102-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.102-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-templates-5.0-0:5.0.102-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet5.0-0:5.0.102-2.el8_3.src", "AppStream-8.3.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.102-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.102-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:netstandard-targeting-pack-2.1-0:5.0.102-2.el8_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0094" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-0:5.0.102-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-host-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-host-debuginfo-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.102-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.102-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.2-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-templates-5.0-0:5.0.102-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet5.0-0:5.0.102-2.el8_3.src", "AppStream-8.3.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.102-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.102-2.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:netstandard-targeting-pack-2.1-0:5.0.102-2.el8_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2" } ] }
rhsa-2021_0114
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.111 and .NET Core Runtime 3.1.11.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2 (CVE-2021-1723)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0114", "url": "https://access.redhat.com/errata/RHSA-2021:0114" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1914258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914258" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0114.json" } ], "title": "Red Hat Security Advisory: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update", "tracking": { "current_release_date": "2024-11-22T16:15:34+00:00", "generator": { "date": "2024-11-22T16:15:34+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0114", "initial_release_date": "2021-01-13T19:13:08+00:00", "revision_history": [ { "date": "2021-01-13T19:13:08+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-01-13T19:13:09+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T16:15:34+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7" } } } ], "category": "product_family", "name": ".NET Core on Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "product_id": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-aspnetcore-runtime-3.1@3.1.11-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "product_id": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-aspnetcore-targeting-pack-3.1@3.1.11-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.111-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-apphost-pack-3.1@3.1.11-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-host@3.1.11-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-hostfxr-3.1@3.1.11-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-runtime-3.1@3.1.11-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-sdk-3.1@3.1.111-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-targeting-pack-3.1@3.1.11-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-templates-3.1@3.1.111-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64", "product_id": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-netstandard-targeting-pack-2.1@3.1.111-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-debuginfo@3.1.111-1.el7_9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src", "product": { "name": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src", "product_id": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.111-1.el7_9?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-1723", "cwe": { "id": "CWE-833", "name": "Deadlock" }, "discovery_date": "2021-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1914258" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. Running callbacks outside of locks results in Krestel deadlock using HTTP2. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-1723" }, { "category": "external", "summary": "RHBZ#1914258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914258" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-1723", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1723" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-1723", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1723" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/170", "url": "https://github.com/dotnet/announcements/issues/170" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1723", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1723" } ], "release_date": "2021-01-12T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-13T19:13:08+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0114" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.111-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.111-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.111-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.11-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.111-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.111-1.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2" } ] }
rhsa-2021_0095
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.111 and .NET Core Runtime 3.1.11.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2 (CVE-2021-1723)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0095", "url": "https://access.redhat.com/errata/RHSA-2021:0095" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1914258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914258" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0095.json" } ], "title": "Red Hat Security Advisory: dotnet3.1 security and bugfix update", "tracking": { "current_release_date": "2024-11-22T16:15:14+00:00", "generator": { "date": "2024-11-22T16:15:14+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0095", "initial_release_date": "2021-01-13T15:02:57+00:00", "revision_history": [ { "date": "2021-01-13T15:02:57+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-01-13T15:02:57+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T16:15:14+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "aspnetcore-runtime-3.1-0:3.1.11-1.el8_3.x86_64", "product": { "name": "aspnetcore-runtime-3.1-0:3.1.11-1.el8_3.x86_64", "product_id": "aspnetcore-runtime-3.1-0:3.1.11-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-runtime-3.1@3.1.11-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "aspnetcore-targeting-pack-3.1-0:3.1.11-1.el8_3.x86_64", "product": { "name": "aspnetcore-targeting-pack-3.1-0:3.1.11-1.el8_3.x86_64", "product_id": "aspnetcore-targeting-pack-3.1-0:3.1.11-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-3.1@3.1.11-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-3.1-0:3.1.11-1.el8_3.x86_64", "product": { "name": "dotnet-apphost-pack-3.1-0:3.1.11-1.el8_3.x86_64", "product_id": "dotnet-apphost-pack-3.1-0:3.1.11-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-3.1@3.1.11-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-3.1-0:3.1.11-1.el8_3.x86_64", "product": { "name": "dotnet-hostfxr-3.1-0:3.1.11-1.el8_3.x86_64", "product_id": "dotnet-hostfxr-3.1-0:3.1.11-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-3.1@3.1.11-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-3.1-0:3.1.11-1.el8_3.x86_64", "product": { "name": "dotnet-runtime-3.1-0:3.1.11-1.el8_3.x86_64", "product_id": "dotnet-runtime-3.1-0:3.1.11-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-3.1@3.1.11-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-3.1-0:3.1.111-1.el8_3.x86_64", "product": { "name": "dotnet-sdk-3.1-0:3.1.111-1.el8_3.x86_64", "product_id": "dotnet-sdk-3.1-0:3.1.111-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-3.1@3.1.111-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-targeting-pack-3.1-0:3.1.11-1.el8_3.x86_64", "product": { "name": "dotnet-targeting-pack-3.1-0:3.1.11-1.el8_3.x86_64", "product_id": "dotnet-targeting-pack-3.1-0:3.1.11-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-targeting-pack-3.1@3.1.11-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-templates-3.1-0:3.1.111-1.el8_3.x86_64", "product": { "name": "dotnet-templates-3.1-0:3.1.111-1.el8_3.x86_64", "product_id": "dotnet-templates-3.1-0:3.1.111-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-templates-3.1@3.1.111-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet3.1-debugsource-0:3.1.111-1.el8_3.x86_64", "product": { "name": "dotnet3.1-debugsource-0:3.1.111-1.el8_3.x86_64", "product_id": "dotnet3.1-debugsource-0:3.1.111-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet3.1-debugsource@3.1.111-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "product": { "name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "product_id": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-3.1-debuginfo@3.1.11-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "product": { "name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "product_id": "dotnet-hostfxr-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-3.1-debuginfo@3.1.11-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "product": { "name": "dotnet-runtime-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "product_id": "dotnet-runtime-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-3.1-debuginfo@3.1.11-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-3.1-debuginfo-0:3.1.111-1.el8_3.x86_64", "product": { "name": "dotnet-sdk-3.1-debuginfo-0:3.1.111-1.el8_3.x86_64", "product_id": "dotnet-sdk-3.1-debuginfo-0:3.1.111-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-3.1-debuginfo@3.1.111-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet3.1-debuginfo-0:3.1.111-1.el8_3.x86_64", "product": { "name": "dotnet3.1-debuginfo-0:3.1.111-1.el8_3.x86_64", "product_id": "dotnet3.1-debuginfo-0:3.1.111-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet3.1-debuginfo@3.1.111-1.el8_3?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "dotnet3.1-0:3.1.111-1.el8_3.src", "product": { "name": "dotnet3.1-0:3.1.111-1.el8_3.src", "product_id": "dotnet3.1-0:3.1.111-1.el8_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet3.1@3.1.111-1.el8_3?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-3.1-0:3.1.11-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.11-1.el8_3.x86_64" }, "product_reference": "aspnetcore-runtime-3.1-0:3.1.11-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-3.1-0:3.1.11-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.11-1.el8_3.x86_64" }, "product_reference": "aspnetcore-targeting-pack-3.1-0:3.1.11-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-3.1-0:3.1.11-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.11-1.el8_3.x86_64" }, "product_reference": "dotnet-apphost-pack-3.1-0:3.1.11-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64" }, "product_reference": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-3.1-0:3.1.11-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.11-1.el8_3.x86_64" }, "product_reference": "dotnet-hostfxr-3.1-0:3.1.11-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64" }, "product_reference": "dotnet-hostfxr-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-3.1-0:3.1.11-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.11-1.el8_3.x86_64" }, "product_reference": "dotnet-runtime-3.1-0:3.1.11-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64" }, "product_reference": "dotnet-runtime-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-3.1-0:3.1.111-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.111-1.el8_3.x86_64" }, "product_reference": "dotnet-sdk-3.1-0:3.1.111-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-3.1-debuginfo-0:3.1.111-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.111-1.el8_3.x86_64" }, "product_reference": "dotnet-sdk-3.1-debuginfo-0:3.1.111-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-3.1-0:3.1.11-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.11-1.el8_3.x86_64" }, "product_reference": "dotnet-targeting-pack-3.1-0:3.1.11-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-3.1-0:3.1.111-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-templates-3.1-0:3.1.111-1.el8_3.x86_64" }, "product_reference": "dotnet-templates-3.1-0:3.1.111-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet3.1-0:3.1.111-1.el8_3.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet3.1-0:3.1.111-1.el8_3.src" }, "product_reference": "dotnet3.1-0:3.1.111-1.el8_3.src", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet3.1-debuginfo-0:3.1.111-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.111-1.el8_3.x86_64" }, "product_reference": "dotnet3.1-debuginfo-0:3.1.111-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet3.1-debugsource-0:3.1.111-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.111-1.el8_3.x86_64" }, "product_reference": "dotnet3.1-debugsource-0:3.1.111-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-1723", "cwe": { "id": "CWE-833", "name": "Deadlock" }, "discovery_date": "2021-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1914258" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. Running callbacks outside of locks results in Krestel deadlock using HTTP2. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.111-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.111-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-templates-3.1-0:3.1.111-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet3.1-0:3.1.111-1.el8_3.src", "AppStream-8.3.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.111-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.111-1.el8_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-1723" }, { "category": "external", "summary": "RHBZ#1914258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914258" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-1723", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1723" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-1723", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1723" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/170", "url": "https://github.com/dotnet/announcements/issues/170" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1723", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1723" } ], "release_date": "2021-01-12T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-13T15:02:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.111-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.111-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-templates-3.1-0:3.1.111-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet3.1-0:3.1.111-1.el8_3.src", "AppStream-8.3.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.111-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.111-1.el8_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0095" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.111-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.111-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.11-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-templates-3.1-0:3.1.111-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet3.1-0:3.1.111-1.el8_3.src", "AppStream-8.3.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.111-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.111-1.el8_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2" } ] }
rhsa-2021_0096
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-dotnet50-dotnet is now available for .NET on Red Hat\nEnterprise Linux.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.102 and .NET Runtime 5.0.2.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2 (CVE-2021-1723)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0096", "url": "https://access.redhat.com/errata/RHSA-2021:0096" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1914258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914258" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0096.json" } ], "title": "Red Hat Security Advisory: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update", "tracking": { "current_release_date": "2024-11-22T16:15:21+00:00", "generator": { "date": "2024-11-22T16:15:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0096", "initial_release_date": "2021-01-13T15:03:09+00:00", "revision_history": [ { "date": "2021-01-13T15:03:09+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-01-13T15:03:09+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T16:15:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:5.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:5.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:5.0::el7" } } } ], "category": "product_family", "name": ".NET Core on Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "product_id": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-aspnetcore-runtime-5.0@5.0.2-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "product_id": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-aspnetcore-targeting-pack-5.0@5.0.2-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet@5.0.102-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-apphost-pack-5.0@5.0.2-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-host@5.0.2-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-hostfxr-5.0@5.0.2-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-runtime-5.0@5.0.2-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-sdk-5.0@5.0.102-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-targeting-pack-5.0@5.0.2-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-templates-5.0@5.0.102-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64", "product_id": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-netstandard-targeting-pack-2.1@5.0.102-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-debuginfo@5.0.102-1.el7_9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src", "product": { "name": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src", "product_id": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet@5.0.102-1.el7_9?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-1723", "cwe": { "id": "CWE-833", "name": "Deadlock" }, "discovery_date": "2021-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1914258" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. Running callbacks outside of locks results in Krestel deadlock using HTTP2. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-1723" }, { "category": "external", "summary": "RHBZ#1914258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914258" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-1723", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1723" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-1723", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1723" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/170", "url": "https://github.com/dotnet/announcements/issues/170" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1723", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1723" } ], "release_date": "2021-01-12T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-01-13T15:03:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0096" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.102-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.102-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.102-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.2-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.102-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.102-1.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2" } ] }
var-202101-1406
Vulnerability from variot
ASP.NET Core and Visual Studio Denial of Service Vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:0096-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0096 Issue date: 2021-01-13 CVE Names: CVE-2021-1723 =====================================================================
- Summary:
An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.102 and .NET Runtime 5.0.2.
Security Fix(es):
- dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2 (CVE-2021-1723)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1914258 - CVE-2021-1723 dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-1723 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIUAwUBX/8ENtzjgjWX9erEAQjh5A/2IdPxRp4QSVH27LBp52uli+P8iYNYUQzJ oSP0BhxXlPnwty70y6h3XF04F2AgWdqddLa07e/lQo/tZfD4x8a7N5qJzCd3AaHy bhQaw5Rs2Yi/JM3l7nJbwL3kMnQ6+rg/w9IZG0JLPjEnURlcJmIArgIuNmWPBoxP GRVhNlEohEwbQhgwwp0PJkIhX9MxvpVT0OPbcUV6TGox65X+b8kMuUfjRhuKdEge l97WHuXTXa6QZMgaH28lSe8Vo6tkhzH89UEgo4CweybzptzPEgNfD4GOfpOrt9HG iqiRhMnpVrfp+nqet1k+seBfjeTkMfZBmrGR8nsU69rCqG85gWvtuT5j5ba5PWRg hHAg/bG4zIRlvRgIgTD00wVkGL0DC4zE/iI3bXZ7ATdl8pCADi1+uRyBwshbjbvL jFo8RrHE4DCtM1+X0jJhPnED3tMQmNQkmYd/sUzj6dM1OfYUFu6CDnyqOo9wIPkD yYTKp1/2lM8eJDtihM4vRRtfBUicagPAQ7Qu52VjDs9PwtSAReDE0FAnnfqfoRqt FXwdqez+GIpc6JgVp+wgof9zY3mq+MKS3WKZwt+v7KUbsSrg0sQTYpuMI+JFjG9l ZzAeU/ifax0HbO4R3rz2evVsT4yLGcSW7Yb/cTuPypLMFojFpSDzpkODfw3TGArj allfL6TeAQ== =fmd6 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1406", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "asp.net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "5.0" }, { "model": "visual studio 2019", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "16.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "32" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "33" }, { "model": "asp.net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "3.1" }, { "model": "visual studio 2019", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "16.8" }, { "model": "asp.net core", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "3.1.10" }, { "model": "asp.net core", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "5.0.1" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-1723" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.1.10", "versionStartIncluding": "3.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.0.1", "versionStartIncluding": "5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.8", "versionStartIncluding": "16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-1723" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "160935" }, { "db": "PACKETSTORM", "id": "160946" }, { "db": "PACKETSTORM", "id": "160930" }, { "db": "PACKETSTORM", "id": "160934" }, { "db": "CNNVD", "id": "CNNVD-202101-809" } ], "trust": 1.0 }, "cve": "CVE-2021-1723", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2021-1723", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-1723", "trust": 1.0, "value": "HIGH" }, { "author": "secure@microsoft.com", "id": "CVE-2021-1723", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202101-809", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-1723", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-1723" }, { "db": "NVD", "id": "CVE-2021-1723" }, { "db": "NVD", "id": "CVE-2021-1723" }, { "db": "CNNVD", "id": "CNNVD-202101-809" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ASP.NET Core and Visual Studio Denial of Service Vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update\nAdvisory ID: RHSA-2021:0096-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0096\nIssue date: 2021-01-13\nCVE Names: CVE-2021-1723 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-dotnet50-dotnet is now available for .NET on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now\navailable. The updated versions are .NET SDK 5.0.102 and .NET Runtime\n5.0.2. \n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock\nwhen using HTTP2 (CVE-2021-1723)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1914258 - CVE-2021-1723 dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-1723\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIUAwUBX/8ENtzjgjWX9erEAQjh5A/2IdPxRp4QSVH27LBp52uli+P8iYNYUQzJ\noSP0BhxXlPnwty70y6h3XF04F2AgWdqddLa07e/lQo/tZfD4x8a7N5qJzCd3AaHy\nbhQaw5Rs2Yi/JM3l7nJbwL3kMnQ6+rg/w9IZG0JLPjEnURlcJmIArgIuNmWPBoxP\nGRVhNlEohEwbQhgwwp0PJkIhX9MxvpVT0OPbcUV6TGox65X+b8kMuUfjRhuKdEge\nl97WHuXTXa6QZMgaH28lSe8Vo6tkhzH89UEgo4CweybzptzPEgNfD4GOfpOrt9HG\niqiRhMnpVrfp+nqet1k+seBfjeTkMfZBmrGR8nsU69rCqG85gWvtuT5j5ba5PWRg\nhHAg/bG4zIRlvRgIgTD00wVkGL0DC4zE/iI3bXZ7ATdl8pCADi1+uRyBwshbjbvL\njFo8RrHE4DCtM1+X0jJhPnED3tMQmNQkmYd/sUzj6dM1OfYUFu6CDnyqOo9wIPkD\nyYTKp1/2lM8eJDtihM4vRRtfBUicagPAQ7Qu52VjDs9PwtSAReDE0FAnnfqfoRqt\nFXwdqez+GIpc6JgVp+wgof9zY3mq+MKS3WKZwt+v7KUbsSrg0sQTYpuMI+JFjG9l\nZzAeU/ifax0HbO4R3rz2evVsT4yLGcSW7Yb/cTuPypLMFojFpSDzpkODfw3TGArj\nallfL6TeAQ==\n=fmd6\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2021-1723" }, { "db": "VULMON", "id": "CVE-2021-1723" }, { "db": "PACKETSTORM", "id": "160935" }, { "db": "PACKETSTORM", "id": "160946" }, { "db": "PACKETSTORM", "id": "160930" }, { "db": "PACKETSTORM", "id": "160934" } ], "trust": 1.35 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-1723", "trust": 2.1 }, { "db": "PACKETSTORM", "id": "160930", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.0129", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-809", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-1723", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "160935", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "160946", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "160934", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-1723" }, { "db": "PACKETSTORM", "id": "160935" }, { "db": "PACKETSTORM", "id": "160946" }, { "db": "PACKETSTORM", "id": "160930" }, { "db": "PACKETSTORM", "id": "160934" }, { "db": "NVD", "id": "CVE-2021-1723" }, { "db": "CNNVD", "id": "CNNVD-202101-809" } ] }, "id": "VAR-202101-1406", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2024-01-03T13:38:54.036000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Microsoft ASP.NET Core and Visual Studio Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=139337" }, { "title": "Red Hat: Important: dotnet5.0 security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210094 - security advisory" }, { "title": "Red Hat: Important: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210114 - security advisory" }, { "title": "Red Hat: Important: dotnet3.1 security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210095 - security advisory" }, { "title": "Red Hat: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210096 - security advisory" }, { "title": "Arch Linux Advisories: [ASA-202103-17] dotnet-sdk: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202103-17" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-1723 log" }, { "title": "Arch Linux Advisories: [ASA-202103-16] dotnet-runtime: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202103-16" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-1723" }, { "db": "CNNVD", "id": "CNNVD-202101-809" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-1723" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-1723" }, { "trust": 1.0, "url": "https://access.redhat.com/security/cve/cve-2021-1723" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1723" }, { "trust": 0.6, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rrxherxw4kr5wcp76udw5pc7gx3yqluw/" }, { "trust": 0.6, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3l27cgrvewupelnjogtcw6gledbecb4b/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-january-2021-34297" }, { "trust": 0.6, "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2020-17007/cve-2021-1723" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/160930/red-hat-security-advisory-2021-0096-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/asp-net-core-denial-of-service-via-callbacks-34307" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0129/" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2021:0094" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193942" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0095" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0114" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0096" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-1723" }, { "db": "PACKETSTORM", "id": "160935" }, { "db": "PACKETSTORM", "id": "160946" }, { "db": "PACKETSTORM", "id": "160930" }, { "db": "PACKETSTORM", "id": "160934" }, { "db": "NVD", "id": "CVE-2021-1723" }, { "db": "CNNVD", "id": "CNNVD-202101-809" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-1723" }, { "db": "PACKETSTORM", "id": "160935" }, { "db": "PACKETSTORM", "id": "160946" }, { "db": "PACKETSTORM", "id": "160930" }, { "db": "PACKETSTORM", "id": "160934" }, { "db": "NVD", "id": "CVE-2021-1723" }, { "db": "CNNVD", "id": "CNNVD-202101-809" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-12T00:00:00", "db": "VULMON", "id": "CVE-2021-1723" }, { "date": "2021-01-13T15:19:08", "db": "PACKETSTORM", "id": "160935" }, { "date": "2021-01-13T23:19:30", "db": "PACKETSTORM", "id": "160946" }, { "date": "2021-01-13T15:11:46", "db": "PACKETSTORM", "id": "160930" }, { "date": "2021-01-13T15:18:53", "db": "PACKETSTORM", "id": "160934" }, { "date": "2021-01-12T20:15:34.993000", "db": "NVD", "id": "CVE-2021-1723" }, { "date": "2021-01-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-809" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-03-04T00:00:00", "db": "VULMON", "id": "CVE-2021-1723" }, { "date": "2023-12-29T17:15:53.777000", "db": "NVD", "id": "CVE-2021-1723" }, { "date": "2021-01-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-809" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-809" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft ASP.NET Core and Visual Studio Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-809" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-809" } ], "trust": 0.6 } }
ghsa-242j-2gm6-5rwx
Vulnerability from github
A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way the Kestrel parses HTTP/2 requests. Users are advised to upgrade.
{ "affected": [ { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Server.Kestrel.Core" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.1.25" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-arm" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-arm" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-arm64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-arm64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-x64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-x64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.osx-x64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.osx-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-arm" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-arm" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-arm64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-arm64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-x64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-x86" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-x86" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm" }, "ranges": [ { "events": [ { "introduced": "5.0.1" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ], "versions": [ "5.0.1" ] } ], "aliases": [ "CVE-2021-1723" ], "database_specific": { "cwe_ids": [], "github_reviewed": true, "github_reviewed_at": "2022-10-24T20:26:09Z", "nvd_published_at": "2021-01-12T20:15:00Z", "severity": "HIGH" }, "details": "A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way the Kestrel parses HTTP/2 requests. Users are advised to upgrade.", "id": "GHSA-242j-2gm6-5rwx", "modified": "2024-10-09T18:33:50Z", "published": "2022-05-24T17:38:51Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1723" }, { "type": "WEB", "url": "https://github.com/dotnet/announcements/issues/170" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW" }, { "type": "WEB", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1723" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": "ASP.NET Core and Visual Studio Denial of Service Vulnerability" }
gsd-2021-1723
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2021-1723", "description": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "id": "GSD-2021-1723", "references": [ "https://access.redhat.com/errata/RHSA-2021:0114", "https://access.redhat.com/errata/RHSA-2021:0096", "https://access.redhat.com/errata/RHSA-2021:0095", "https://access.redhat.com/errata/RHSA-2021:0094", "https://security.archlinux.org/CVE-2021-1723", "https://linux.oracle.com/cve/CVE-2021-1723.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-1723" ], "details": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "id": "GSD-2021-1723", "modified": "2023-12-13T01:23:22.885223Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2021-1723", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ASP.NET Core 3.1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "3.0", "version_value": "publication" } ] } }, { "product_name": "ASP.NET Core 5.0", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.0", "version_value": "publication" } ] } }, { "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "16.0", "version_value": "publication" } ] } }, { "product_name": "Microsoft Visual Studio 2019 version 16.8", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "16.0", "version_value": "publication" } ] } }, { "product_name": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "16.0.0", "version_value": "publication" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ASP.NET Core and Visual Studio Denial of Service Vulnerability" } ] }, "impact": { "cvss": [ { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "[3.1,3.1.10],[5.0,5.0.1]", "affected_versions": "All versions starting from 3.1 up to 3.1.10, all versions starting from 5.0 up to 5.0.1", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2021-07-08", "description": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.11", "5.0.2" ], "identifier": "CVE-2021-1723", "identifiers": [ "CVE-2021-1723" ], "not_impacted": "All versions before 3.1, all versions after 3.1.10 before 5.0, all versions after 5.0.1", "package_slug": "nuget/Microsoft.AspNetCore.All", "pubdate": "2021-01-12", "solution": "Upgrade to versions 3.1.11, 5.0.2 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1723", "https://github.com/dotnet/announcements/issues/170", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723" ], "uuid": "85bcae0d-669d-49a7-9df7-2e2e2afcec05" }, { "affected_range": "[3.1.0,3.1.11),[5.0.0,5.0.2)", "affected_versions": "All versions starting from 3.1.0 before 3.1.11, all versions starting from 5.0.0 before 5.0.2", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-10-26", "description": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.11", "5.0.2" ], "identifier": "CVE-2021-1723", "identifiers": [ "GHSA-242j-2gm6-5rwx", "CVE-2021-1723" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.11 before 5.0.0, all versions starting from 5.0.2", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-arm", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.11, 5.0.2 or above.", "title": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1723", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723", "https://github.com/dotnet/announcements/issues/170", "https://github.com/advisories/GHSA-242j-2gm6-5rwx" ], "uuid": "a36dedf9-b28b-45ca-95b5-70c24f63db45" }, { "affected_range": "[3.1.0,3.1.11),[5.0.0,5.0.2)", "affected_versions": "All versions starting from 3.1.0 before 3.1.11, all versions starting from 5.0.0 before 5.0.2", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-10-26", "description": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.11", "5.0.2" ], "identifier": "CVE-2021-1723", "identifiers": [ "GHSA-242j-2gm6-5rwx", "CVE-2021-1723" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.11 before 5.0.0, all versions starting from 5.0.2", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-arm64", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.11, 5.0.2 or above.", "title": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1723", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723", "https://github.com/dotnet/announcements/issues/170", "https://github.com/advisories/GHSA-242j-2gm6-5rwx" ], "uuid": "39cd82ce-1140-4a8a-8800-d404f8ca691b" }, { "affected_range": "[5.0.1]", "affected_versions": "Version 5.0.1", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-03", "description": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.2" ], "identifier": "CVE-2021-1723", "identifiers": [ "GHSA-242j-2gm6-5rwx", "CVE-2021-1723" ], "not_impacted": "All versions before 5.0.1, all versions after 5.0.1", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.2 or above.", "title": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1723", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723", "https://github.com/dotnet/announcements/issues/170", "https://github.com/advisories/GHSA-242j-2gm6-5rwx" ], "uuid": "9b539222-7847-46bd-b18b-33374f149a89" }, { "affected_range": "[3.1.0,3.1.11),[5.0.0,5.0.2)", "affected_versions": "All versions starting from 3.1.0 before 3.1.11, all versions starting from 5.0.0 before 5.0.2", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-10-26", "description": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.11", "5.0.2" ], "identifier": "CVE-2021-1723", "identifiers": [ "GHSA-242j-2gm6-5rwx", "CVE-2021-1723" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.11 before 5.0.0, all versions starting from 5.0.2", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.11, 5.0.2 or above.", "title": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1723", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723", "https://github.com/dotnet/announcements/issues/170", "https://github.com/advisories/GHSA-242j-2gm6-5rwx" ], "uuid": "45d660c0-0a3b-40a4-97d2-45292aabca3d" }, { "affected_range": "[3.1.0,3.1.11),[5.0.0,5.0.2)", "affected_versions": "All versions starting from 3.1.0 before 3.1.11, all versions starting from 5.0.0 before 5.0.2", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-10-26", "description": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.11", "5.0.2" ], "identifier": "CVE-2021-1723", "identifiers": [ "GHSA-242j-2gm6-5rwx", "CVE-2021-1723" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.11 before 5.0.0, all versions starting from 5.0.2", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-x64", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.11, 5.0.2 or above.", "title": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1723", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723", "https://github.com/dotnet/announcements/issues/170", "https://github.com/advisories/GHSA-242j-2gm6-5rwx" ], "uuid": "49bb246e-a448-4c9f-a951-25dc685b9e52" }, { "affected_range": "[3.1.0,3.1.11),[5.0.0,5.0.2)", "affected_versions": "All versions starting from 3.1.0 before 3.1.11, all versions starting from 5.0.0 before 5.0.2", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-10-26", "description": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.11", "5.0.2" ], "identifier": "CVE-2021-1723", "identifiers": [ "GHSA-242j-2gm6-5rwx", "CVE-2021-1723" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.11 before 5.0.0, all versions starting from 5.0.2", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-x64", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.11, 5.0.2 or above.", "title": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1723", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723", "https://github.com/dotnet/announcements/issues/170", "https://github.com/advisories/GHSA-242j-2gm6-5rwx" ], "uuid": "3cba4e6f-3191-46a5-8dd0-d30848f30572" }, { "affected_range": "[3.1.0,3.1.11),[5.0.0,5.0.2)", "affected_versions": "All versions starting from 3.1.0 before 3.1.11, all versions starting from 5.0.0 before 5.0.2", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-10-26", "description": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.11", "5.0.2" ], "identifier": "CVE-2021-1723", "identifiers": [ "GHSA-242j-2gm6-5rwx", "CVE-2021-1723" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.11 before 5.0.0, all versions starting from 5.0.2", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.osx-x64", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.11, 5.0.2 or above.", "title": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1723", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723", "https://github.com/dotnet/announcements/issues/170", "https://github.com/advisories/GHSA-242j-2gm6-5rwx" ], "uuid": "301fb990-1cb6-4786-8ef1-db3270dc02bc" }, { "affected_range": "[3.1.0,3.1.11),[5.0.0,5.0.2)", "affected_versions": "All versions starting from 3.1.0 before 3.1.11, all versions starting from 5.0.0 before 5.0.2", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-10-26", "description": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.11", "5.0.2" ], "identifier": "CVE-2021-1723", "identifiers": [ "GHSA-242j-2gm6-5rwx", "CVE-2021-1723" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.11 before 5.0.0, all versions starting from 5.0.2", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.win-arm", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.11, 5.0.2 or above.", "title": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1723", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723", "https://github.com/dotnet/announcements/issues/170", "https://github.com/advisories/GHSA-242j-2gm6-5rwx" ], "uuid": "50d4a1c9-1040-4f5c-87fd-9cef8ce53575" }, { "affected_range": "[3.1.0,3.1.11),[5.0.0,5.0.2)", "affected_versions": "All versions starting from 3.1.0 before 3.1.11, all versions starting from 5.0.0 before 5.0.2", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-10-26", "description": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.11", "5.0.2" ], "identifier": "CVE-2021-1723", "identifiers": [ "GHSA-242j-2gm6-5rwx", "CVE-2021-1723" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.11 before 5.0.0, all versions starting from 5.0.2", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.win-arm64", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.11, 5.0.2 or above.", "title": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1723", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723", "https://github.com/dotnet/announcements/issues/170", "https://github.com/advisories/GHSA-242j-2gm6-5rwx" ], "uuid": "ec9bd81e-4298-414a-a817-ba176c9df9b0" }, { "affected_range": "[3.1.0,3.1.11),[5.0.0,5.0.2)", "affected_versions": "All versions starting from 3.1.0 before 3.1.11, all versions starting from 5.0.0 before 5.0.2", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-10-26", "description": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.11", "5.0.2" ], "identifier": "CVE-2021-1723", "identifiers": [ "GHSA-242j-2gm6-5rwx", "CVE-2021-1723" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.11 before 5.0.0, all versions starting from 5.0.2", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.win-x64", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.11, 5.0.2 or above.", "title": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1723", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723", "https://github.com/dotnet/announcements/issues/170", "https://github.com/advisories/GHSA-242j-2gm6-5rwx" ], "uuid": "907541a6-0a8b-421f-8b52-b1d2770e8b98" }, { "affected_range": "[3.1.0,3.1.11),[5.0.0,5.0.2)", "affected_versions": "All versions starting from 3.1.0 before 3.1.11, all versions starting from 5.0.0 before 5.0.2", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-10-26", "description": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.11", "5.0.2" ], "identifier": "CVE-2021-1723", "identifiers": [ "GHSA-242j-2gm6-5rwx", "CVE-2021-1723" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.11 before 5.0.0, all versions starting from 5.0.2", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.win-x86", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.11, 5.0.2 or above.", "title": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1723", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723", "https://github.com/dotnet/announcements/issues/170", "https://github.com/advisories/GHSA-242j-2gm6-5rwx" ], "uuid": "f1f238d7-a542-4dc0-83cb-7d7b688461c7" }, { "affected_range": "(,2.1.25)", "affected_versions": "All versions before 2.1.25", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-10-26", "description": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "2.1.25" ], "identifier": "CVE-2021-1723", "identifiers": [ "GHSA-242j-2gm6-5rwx", "CVE-2021-1723" ], "not_impacted": "All versions starting from 2.1.25", "package_slug": "nuget/Microsoft.AspNetCore.Server.Kestrel.Core", "pubdate": "2022-05-24", "solution": "Upgrade to version 2.1.25 or above.", "title": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1723", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723", "https://github.com/dotnet/announcements/issues/170", "https://github.com/advisories/GHSA-242j-2gm6-5rwx" ], "uuid": "b84c8566-f86b-4a58-aaf8-a798160bc624" } ] }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "C21F09B3-A69F-43B9-B35E-EBF93314F31E", "versionEndIncluding": "3.1.10", "versionStartIncluding": "3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C91649F-55B9-4675-BA0F-2B876A73D9A4", "versionEndIncluding": "5.0.1", "versionStartIncluding": "5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD824DE6-3564-4B7D-B45C-2EEE1F84C9D2", "versionEndIncluding": "16.8", "versionStartIncluding": "16.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "ASP.NET Core and Visual Studio Denial of Service Vulnerability" }, { "lang": "es", "value": "Una Vulnerabilidad de Denegaci\u00f3n de Servicio de ASP.NET Core y Visual Studio" } ], "id": "CVE-2021-1723", "lastModified": "2023-12-29T17:15:53.777", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secure@microsoft.com", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary" } ] }, "published": "2021-01-12T20:15:34.993", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] } } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.