Action not permitted
Modal body text goes here.
CVE-2022-29117
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:10:59.422Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117" }, { "name": "FEDORA-2022-d69fee9f38", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/" }, { "name": "FEDORA-2022-9a1d5ea33c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/" }, { "name": "FEDORA-2022-256d559f0c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET 6.0", "vendor": "Microsoft", "versions": [ { "lessThan": "6.0.5", "status": "affected", "version": "6.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET Core 3.1", "vendor": "Microsoft", "versions": [ { "lessThan": "3.1.25", "status": "affected", "version": "3.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET 5.0", "vendor": "Microsoft", "versions": [ { "lessThan": "5.0.17", "status": "affected", "version": "5.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.0", "vendor": "Microsoft", "versions": [ { "lessThan": "17.0.10", "status": "affected", "version": "17.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.9.21", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.1", "vendor": "Microsoft", "versions": [ { "lessThan": "17.1.7", "status": "affected", "version": "17.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.14", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] } ], "datePublic": "2022-05-10T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": ".NET and Visual Studio Denial of Service Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en-US", "type": "Impact" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-29T14:27:38.581Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117" }, { "name": "FEDORA-2022-d69fee9f38", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/" }, { "name": "FEDORA-2022-9a1d5ea33c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/" }, { "name": "FEDORA-2022-256d559f0c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/" } ], "title": ".NET and Visual Studio Denial of Service Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2022-29117", "datePublished": "2022-05-10T20:34:23", "dateReserved": "2022-04-12T00:00:00", "dateUpdated": "2024-08-03T06:10:59.422Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-29117\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2022-05-10T21:15:11.877\",\"lastModified\":\"2023-12-21T00:15:16.690\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\".NET and Visual Studio Denial of Service Vulnerability\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Denegaci\u00f3n de Servicio en .NET y Visual Studio. Este ID de CVE es diferente de CVE-2022-23267, CVE-2022-29145\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8F02D5C-61F1-4381-8D64-8BEB5CED0DC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DE0C8DD-9C73-4876-8193-068F18074B58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:3.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"70BE107E-20A0-4998-A8ED-BCC414C6BDBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndIncluding\":\"16.0.11\",\"matchCriteriaId\":\"6EDDFE7B-C13D-4EF8-B288-0919CF7394F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3393F97F-05CD-4B04-A6E1-3D914652C4E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"950638D8-6997-4058-8A9E-6153A7FC3B32\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}],\"references\":[{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}" } }
gsd-2022-29117
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2022-29117", "description": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.", "id": "GSD-2022-29117", "references": [ "https://linux.oracle.com/cve/CVE-2022-29117.html", "https://access.redhat.com/errata/RHSA-2022:2194", "https://access.redhat.com/errata/RHSA-2022:2195", "https://access.redhat.com/errata/RHSA-2022:2196", "https://access.redhat.com/errata/RHSA-2022:2199", "https://access.redhat.com/errata/RHSA-2022:2200", "https://access.redhat.com/errata/RHSA-2022:2202", "https://access.redhat.com/errata/RHSA-2022:4588", "https://www.suse.com/security/cve/CVE-2022-29117.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-29117" ], "details": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.", "id": "GSD-2022-29117", "modified": "2023-12-13T01:19:42.205104Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2022-29117", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": ".NET 6.0", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "6.0.0", "version_value": "6.0.5" } ] } }, { "product_name": ".NET Core 3.1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "3.1", "version_value": "3.1.25" } ] } }, { "product_name": ".NET 5.0", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.0.0", "version_value": "5.0.17" } ] } }, { "product_name": "Microsoft Visual Studio 2022 version 17.0", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "17.0.0", "version_value": "17.0.10" } ] } }, { "product_name": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "15.0.0", "version_value": "16.9.21" } ] } }, { "product_name": "Microsoft Visual Studio 2022 version 17.1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "17.0.0", "version_value": "17.1.7" } ] } }, { "product_name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "16.11.0", "version_value": "16.11.14" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": ".NET and Visual Studio Denial of Service Vulnerability" } ] }, "impact": { "cvss": [ { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "[3.0.0,3.1.24],[5.0.0,5.0.16],[6.0.0,6.0.4]", "affected_versions": "All versions starting from 3.0.0 up to 3.1.24, all versions starting from 5.0.0 up to 5.0.16, all versions starting from 6.0.0 up to 6.0.4", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-400", "CWE-937" ], "date": "2022-08-30", "description": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.", "fixed_versions": [ "3.1.25", "5.0.17", "6.0.5" ], "identifier": "CVE-2022-29117", "identifiers": [ "GHSA-3rq8-h3gj-r5c6", "CVE-2022-29117" ], "not_impacted": "All versions before 3.0.0, all versions after 3.1.24 before 5.0.0, all versions after 5.0.16 before 6.0.0, all versions after 6.0.4", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-arm", "pubdate": "2022-08-30", "solution": "Upgrade to versions 3.1.25, 5.0.17, 6.0.5 or above.", "title": "Uncontrolled Resource Consumption", "urls": [ "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6", "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117", "https://github.com/advisories/GHSA-3rq8-h3gj-r5c6" ], "uuid": "ff7156e4-6f6f-4326-bf3f-ed3e65f8b318" }, { "affected_range": "[3.0.0,3.1.24],[5.0.0,5.0.16],[6.0.0,6.0.4]", "affected_versions": "All versions starting from 3.0.0 up to 3.1.24, all versions starting from 5.0.0 up to 5.0.16, all versions starting from 6.0.0 up to 6.0.4", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-400", "CWE-937" ], "date": "2022-08-30", "description": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.", "fixed_versions": [ "3.1.25", "5.0.17", "6.0.5" ], "identifier": "CVE-2022-29117", "identifiers": [ "GHSA-3rq8-h3gj-r5c6", "CVE-2022-29117" ], "not_impacted": "All versions before 3.0.0, all versions after 3.1.24 before 5.0.0, all versions after 5.0.16 before 6.0.0, all versions after 6.0.4", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-arm64", "pubdate": "2022-08-30", "solution": "Upgrade to versions 3.1.25, 5.0.17, 6.0.5 or above.", "title": "Uncontrolled Resource Consumption", "urls": [ "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6", "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117", "https://github.com/advisories/GHSA-3rq8-h3gj-r5c6" ], "uuid": "3e82d40f-ceb7-4e8b-a93b-8846532c3634" }, { "affected_range": "[3.0.0,3.1.24],[5.0.0,5.0.16],[6.0.0,6.0.4]", "affected_versions": "All versions starting from 3.0.0 up to 3.1.24, all versions starting from 5.0.0 up to 5.0.16, all versions starting from 6.0.0 up to 6.0.4", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-400", "CWE-937" ], "date": "2022-08-30", "description": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.", "fixed_versions": [ "3.1.25", "5.0.17", "6.0.5" ], "identifier": "CVE-2022-29117", "identifiers": [ "GHSA-3rq8-h3gj-r5c6", "CVE-2022-29117" ], "not_impacted": "All versions before 3.0.0, all versions after 3.1.24 before 5.0.0, all versions after 5.0.16 before 6.0.0, all versions after 6.0.4", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm", "pubdate": "2022-08-30", "solution": "Upgrade to versions 3.1.25, 5.0.17, 6.0.5 or above.", "title": "Uncontrolled Resource Consumption", "urls": [ "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6", "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117", "https://github.com/advisories/GHSA-3rq8-h3gj-r5c6" ], "uuid": "282fbcae-8a76-4273-a7e3-2b4ef9c2753b" }, { "affected_range": "[3.0.0,3.1.24],[5.0.0,5.0.16],[6.0.0,6.0.4]", "affected_versions": "All versions starting from 3.0.0 up to 3.1.24, all versions starting from 5.0.0 up to 5.0.16, all versions starting from 6.0.0 up to 6.0.4", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-400", "CWE-937" ], "date": "2022-08-30", "description": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.", "fixed_versions": [ "3.1.25", "5.0.17", "6.0.5" ], "identifier": "CVE-2022-29117", "identifiers": [ "GHSA-3rq8-h3gj-r5c6", "CVE-2022-29117" ], "not_impacted": "All versions before 3.0.0, all versions after 3.1.24 before 5.0.0, all versions after 5.0.16 before 6.0.0, all versions after 6.0.4", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64", "pubdate": "2022-08-30", "solution": "Upgrade to versions 3.1.25, 5.0.17, 6.0.5 or above.", "title": "Uncontrolled Resource Consumption", "urls": [ "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6", "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117", "https://github.com/advisories/GHSA-3rq8-h3gj-r5c6" ], "uuid": "48dd7b4d-824d-41d5-9f31-2e8fd82757dc" }, { "affected_range": "[3.0.0,3.1.24],[5.0.0,5.0.16],[6.0.0,6.0.4]", "affected_versions": "All versions starting from 3.0.0 up to 3.1.24, all versions starting from 5.0.0 up to 5.0.16, all versions starting from 6.0.0 up to 6.0.4", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-400", "CWE-937" ], "date": "2022-08-30", "description": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.", "fixed_versions": [ "3.1.25", "5.0.17", "6.0.5" ], "identifier": "CVE-2022-29117", "identifiers": [ "GHSA-3rq8-h3gj-r5c6", "CVE-2022-29117" ], "not_impacted": "All versions before 3.0.0, all versions after 3.1.24 before 5.0.0, all versions after 5.0.16 before 6.0.0, all versions after 6.0.4", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-x64", "pubdate": "2022-08-30", "solution": "Upgrade to versions 3.1.25, 5.0.17, 6.0.5 or above.", "title": "Uncontrolled Resource Consumption", "urls": [ "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6", "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117", "https://github.com/advisories/GHSA-3rq8-h3gj-r5c6" ], "uuid": "e937ab66-8339-4067-ad42-8779aa22dfa5" }, { "affected_range": "[3.0.0,3.1.24],[5.0.0,5.0.16],[6.0.0,6.0.4]", "affected_versions": "All versions starting from 3.0.0 up to 3.1.24, all versions starting from 5.0.0 up to 5.0.16, all versions starting from 6.0.0 up to 6.0.4", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-400", "CWE-937" ], "date": "2022-08-30", "description": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.", "fixed_versions": [ "3.1.25", "5.0.17", "6.0.5" ], "identifier": "CVE-2022-29117", "identifiers": [ "GHSA-3rq8-h3gj-r5c6", "CVE-2022-29117" ], "not_impacted": "All versions before 3.0.0, all versions after 3.1.24 before 5.0.0, all versions after 5.0.16 before 6.0.0, all versions after 6.0.4", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-x64", "pubdate": "2022-08-30", "solution": "Upgrade to versions 3.1.25, 5.0.17, 6.0.5 or above.", "title": "Uncontrolled Resource Consumption", "urls": [ "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6", "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117", "https://github.com/advisories/GHSA-3rq8-h3gj-r5c6" ], "uuid": "afbe4194-ffd1-49b5-8a9d-0b6bc3e0afe8" }, { "affected_range": "[6.0.0,6.0.5)", "affected_versions": "All versions starting from 6.0.0 before 6.0.5", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-400", "CWE-937" ], "date": "2022-10-28", "description": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.", "fixed_versions": [ "6.0.5" ], "identifier": "CVE-2022-29117", "identifiers": [ "GHSA-3rq8-h3gj-r5c6", "CVE-2022-29117" ], "not_impacted": "All versions before 6.0.0, all versions starting from 6.0.5", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.osx-arm64", "pubdate": "2022-08-30", "solution": "Upgrade to version 6.0.5 or above.", "title": "Uncontrolled Resource Consumption", "urls": [ "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6", "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117", "https://github.com/advisories/GHSA-3rq8-h3gj-r5c6" ], "uuid": "198af1cb-6119-46f3-8a38-7b8a7a4701ed" }, { "affected_range": "[3.0.0,3.1.24],[5.0.0,5.0.16],[6.0.0,6.0.4]", "affected_versions": "All versions starting from 3.0.0 up to 3.1.24, all versions starting from 5.0.0 up to 5.0.16, all versions starting from 6.0.0 up to 6.0.4", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-400", "CWE-937" ], "date": "2022-08-30", "description": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.", "fixed_versions": [ "3.1.25", "5.0.17", "6.0.5" ], "identifier": "CVE-2022-29117", "identifiers": [ "GHSA-3rq8-h3gj-r5c6", "CVE-2022-29117" ], "not_impacted": "All versions before 3.0.0, all versions after 3.1.24 before 5.0.0, all versions after 5.0.16 before 6.0.0, all versions after 6.0.4", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.osx-x64", "pubdate": "2022-08-30", "solution": "Upgrade to versions 3.1.25, 5.0.17, 6.0.5 or above.", "title": "Uncontrolled Resource Consumption", "urls": [ "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6", "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117", "https://github.com/advisories/GHSA-3rq8-h3gj-r5c6" ], "uuid": "335506bf-d909-4931-ae58-4f03038937ef" }, { "affected_range": "[3.0.0,3.1.24],[5.0.0,5.0.16],[6.0.0,6.0.4]", "affected_versions": "All versions starting from 3.0.0 up to 3.1.24, all versions starting from 5.0.0 up to 5.0.16, all versions starting from 6.0.0 up to 6.0.4", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-400", "CWE-937" ], "date": "2022-08-30", "description": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.", "fixed_versions": [ "3.1.25", "5.0.17", "6.0.5" ], "identifier": "CVE-2022-29117", "identifiers": [ "GHSA-3rq8-h3gj-r5c6", "CVE-2022-29117" ], "not_impacted": "All versions before 3.0.0, all versions after 3.1.24 before 5.0.0, all versions after 5.0.16 before 6.0.0, all versions after 6.0.4", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.win-arm", "pubdate": "2022-08-30", "solution": "Upgrade to versions 3.1.25, 5.0.17, 6.0.5 or above.", "title": "Uncontrolled Resource Consumption", "urls": [ "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6", "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117", "https://github.com/advisories/GHSA-3rq8-h3gj-r5c6" ], "uuid": "9b541246-7b56-43e1-ae60-f432f814a8d6" }, { "affected_range": "[3.0.0,3.1.24],[5.0.0,5.0.16],[6.0.0,6.0.4]", "affected_versions": "All versions starting from 3.0.0 up to 3.1.24, all versions starting from 5.0.0 up to 5.0.16, all versions starting from 6.0.0 up to 6.0.4", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-400", "CWE-937" ], "date": "2022-08-30", "description": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.", "fixed_versions": [ "3.1.25", "5.0.17", "6.0.5" ], "identifier": "CVE-2022-29117", "identifiers": [ "GHSA-3rq8-h3gj-r5c6", "CVE-2022-29117" ], "not_impacted": "All versions before 3.0.0, all versions after 3.1.24 before 5.0.0, all versions after 5.0.16 before 6.0.0, all versions after 6.0.4", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.win-arm64", "pubdate": "2022-08-30", "solution": "Upgrade to versions 3.1.25, 5.0.17, 6.0.5 or above.", "title": "Uncontrolled Resource Consumption", "urls": [ "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6", "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117", "https://github.com/advisories/GHSA-3rq8-h3gj-r5c6" ], "uuid": "8b8043fc-a47b-44fb-9f25-0b10b20cd8fa" }, { "affected_range": "[3.0.0,3.1.24],[5.0.0,5.0.16],[6.0.0,6.0.4]", "affected_versions": "All versions starting from 3.0.0 up to 3.1.24, all versions starting from 5.0.0 up to 5.0.16, all versions starting from 6.0.0 up to 6.0.4", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-400", "CWE-937" ], "date": "2022-08-30", "description": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.", "fixed_versions": [ "3.1.25", "5.0.17", "6.0.5" ], "identifier": "CVE-2022-29117", "identifiers": [ "GHSA-3rq8-h3gj-r5c6", "CVE-2022-29117" ], "not_impacted": "All versions before 3.0.0, all versions after 3.1.24 before 5.0.0, all versions after 5.0.16 before 6.0.0, all versions after 6.0.4", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.win-x64", "pubdate": "2022-08-30", "solution": "Upgrade to versions 3.1.25, 5.0.17, 6.0.5 or above.", "title": "Uncontrolled Resource Consumption", "urls": [ "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6", "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117", "https://github.com/advisories/GHSA-3rq8-h3gj-r5c6" ], "uuid": "2fc10800-4376-48a4-9432-1f8a8033f5c4" }, { "affected_range": "[3.0.0,3.1.24],[5.0.0,5.0.16],[6.0.0,6.0.4]", "affected_versions": "All versions starting from 3.0.0 up to 3.1.24, all versions starting from 5.0.0 up to 5.0.16, all versions starting from 6.0.0 up to 6.0.4", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-400", "CWE-937" ], "date": "2022-08-30", "description": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.", "fixed_versions": [ "3.1.25", "5.0.17", "6.0.5" ], "identifier": "CVE-2022-29117", "identifiers": [ "GHSA-3rq8-h3gj-r5c6", "CVE-2022-29117" ], "not_impacted": "All versions before 3.0.0, all versions after 3.1.24 before 5.0.0, all versions after 5.0.16 before 6.0.0, all versions after 6.0.4", "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.win-x86", "pubdate": "2022-08-30", "solution": "Upgrade to versions 3.1.25, 5.0.17, 6.0.5 or above.", "title": "Uncontrolled Resource Consumption", "urls": [ "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6", "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117", "https://github.com/advisories/GHSA-3rq8-h3gj-r5c6" ], "uuid": "6bdac9c7-3bbb-45ff-94c5-96b2a5149bf8" }, { "affected_range": "(,4.21]", "affected_versions": "All versions up to 4.21", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-400", "CWE-937" ], "date": "2022-08-30", "description": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.", "fixed_versions": [ "4.22" ], "identifier": "CVE-2022-29117", "identifiers": [ "GHSA-3rq8-h3gj-r5c6", "CVE-2022-29117" ], "not_impacted": "All versions after 4.21", "package_slug": "nuget/Microsoft.Owin.Security.Cookies", "pubdate": "2022-08-30", "solution": "Upgrade to version 4.22 or above.", "title": "Uncontrolled Resource Consumption", "urls": [ "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6", "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117", "https://github.com/advisories/GHSA-3rq8-h3gj-r5c6" ], "uuid": "56fe5aa6-ac25-45d4-a33d-df14918709c6" }, { "affected_range": "(,4.21]", "affected_versions": "All versions up to 4.21", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-400", "CWE-937" ], "date": "2022-08-30", "description": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.", "fixed_versions": [ "4.22" ], "identifier": "CVE-2022-29117", "identifiers": [ "GHSA-3rq8-h3gj-r5c6", "CVE-2022-29117" ], "not_impacted": "All versions after 4.21", "package_slug": "nuget/Microsoft.Owin", "pubdate": "2022-08-30", "solution": "Upgrade to version 4.22 or above.", "title": "Uncontrolled Resource Consumption", "urls": [ "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6", "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117", "https://github.com/advisories/GHSA-3rq8-h3gj-r5c6" ], "uuid": "ce7272c2-7966-48a1-bb4f-95200d43f42e" }, { "affected_range": "[5.0,6.0.0]", "affected_versions": "All versions starting from 5.0 up to 6.0.0", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-400", "CWE-937" ], "date": "2022-05-23", "description": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.", "fixed_versions": [], "identifier": "CVE-2022-29117", "identifiers": [ "CVE-2022-29117" ], "not_impacted": "", "package_slug": "nuget/System.Text.Encodings.Web", "pubdate": "2022-05-10", "solution": "Unfortunately, there is no solution available yet.", "title": "Uncontrolled Resource Consumption", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/" ], "uuid": "a4adfa01-ca96-4999-b059-56bb10668710" } ] }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:.net:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C8F02D5C-61F1-4381-8D64-8BEB5CED0DC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "1DE0C8DD-9C73-4876-8193-068F18074B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_core:3.1:-:*:*:*:*:*:*", "matchCriteriaId": "70BE107E-20A0-4998-A8ED-BCC414C6BDBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EDDFE7B-C13D-4EF8-B288-0919CF7394F3", "versionEndIncluding": "16.0.11", "versionStartIncluding": "16.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*", "matchCriteriaId": "3393F97F-05CD-4B04-A6E1-3D914652C4E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*", "matchCriteriaId": "950638D8-6997-4058-8A9E-6153A7FC3B32", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": ".NET and Visual Studio Denial of Service Vulnerability" }, { "lang": "es", "value": "Una vulnerabilidad de Denegaci\u00f3n de Servicio en .NET y Visual Studio. Este ID de CVE es diferente de CVE-2022-23267, CVE-2022-29145" } ], "id": "CVE-2022-29117", "lastModified": "2023-12-21T00:15:16.690", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secure@microsoft.com", "type": "Primary" } ] }, "published": "2022-05-10T21:15:11.877", "references": [ { "source": "secure@microsoft.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/" }, { "source": "secure@microsoft.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/" }, { "source": "secure@microsoft.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] } } } }
rhsa-2022_2195
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET Core is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime 6.0.5.\n\nSecurity Fix(es):\n\n* dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267)\n\n* dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117)\n\n* dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:2195", "url": "https://access.redhat.com/errata/RHSA-2022:2195" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2083647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083647" }, { "category": "external", "summary": "2083649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083649" }, { "category": "external", "summary": "2083650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083650" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_2195.json" } ], "title": "Red Hat Security Advisory: .NET 6.0 on RHEL 7 security and bugfix update", "tracking": { "current_release_date": "2024-11-06T00:51:01+00:00", "generator": { "date": "2024-11-06T00:51:01+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2022:2195", "initial_release_date": "2022-05-11T17:58:14+00:00", "revision_history": [ { "date": "2022-05-11T17:58:14+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-11T17:58:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:51:01+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:6.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:6.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:6.0::el7" } } } ], "category": "product_family", "name": ".NET Core on Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "product_id": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-aspnetcore-runtime-6.0@6.0.5-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "product_id": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-aspnetcore-targeting-pack-6.0@6.0.5-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet@6.0.105-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-apphost-pack-6.0@6.0.5-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-host@6.0.5-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-hostfxr-6.0@6.0.5-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-runtime-6.0@6.0.5-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-sdk-6.0@6.0.105-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts@6.0.105-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-targeting-pack-6.0@6.0.5-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-templates-6.0@6.0.105-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "product_id": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-netstandard-targeting-pack-2.1@6.0.105-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-debuginfo@6.0.105-1.el7_9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "product": { "name": "rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "product_id": "rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet@6.0.105-1.el7_9?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src" }, "product_reference": "rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src" }, "product_reference": "rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src" }, "product_reference": "rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-23267", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083650" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: excess memory allocation via HttpClient causes DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23267" }, { "category": "external", "summary": "RHBZ#2083650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083650" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23267", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23267" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23267", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23267" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23267", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23267" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-11T17:58:14+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2195" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: excess memory allocation via HttpClient causes DoS" }, { "cve": "CVE-2022-29117", "cwe": { "id": "CWE-565", "name": "Reliance on Cookies without Validation and Integrity Checking" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083647" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of a malicious client that can send MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on the server when it tries to read or delete that many chunks.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: malicious content causes high CPU and memory usage", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29117" }, { "category": "external", "summary": "RHBZ#2083647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083647" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29117", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29117" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29117" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29117", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29117" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-11T17:58:14+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2195" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: malicious content causes high CPU and memory usage" }, { "cve": "CVE-2022-29145", "cwe": { "id": "CWE-551", "name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083649" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: parsing HTML causes Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29145" }, { "category": "external", "summary": "RHBZ#2083649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083649" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29145", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29145" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29145", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29145" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29145", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29145" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-11T17:58:14+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2195" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.5-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.105-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.105-1.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: parsing HTML causes Denial of Service" } ] }
rhsa-2022_2196
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for .NET 5.0 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET Core is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core Runtime 5.0.17.\n\nSecurity Fix(es):\n\n* dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267)\n\n* dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117)\n\n* dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:2196", "url": "https://access.redhat.com/errata/RHSA-2022:2196" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2083647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083647" }, { "category": "external", "summary": "2083649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083649" }, { "category": "external", "summary": "2083650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083650" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_2196.json" } ], "title": "Red Hat Security Advisory: .NET 5.0 on RHEL 7 security and bugfix update", "tracking": { "current_release_date": "2024-11-06T00:50:52+00:00", "generator": { "date": "2024-11-06T00:50:52+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2022:2196", "initial_release_date": "2022-05-11T18:23:39+00:00", "revision_history": [ { "date": "2022-05-11T18:23:39+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-11T18:23:39+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:50:52+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:5.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:5.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:5.0::el7" } } } ], "category": "product_family", "name": ".NET Core on Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "product_id": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-aspnetcore-runtime-5.0@5.0.17-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "product_id": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-aspnetcore-targeting-pack-5.0@5.0.17-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet@5.0.214-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-apphost-pack-5.0@5.0.17-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-host@5.0.17-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-hostfxr-5.0@5.0.17-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-runtime-5.0@5.0.17-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-sdk-5.0@5.0.214-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts@5.0.214-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-targeting-pack-5.0@5.0.17-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-templates-5.0@5.0.214-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "product_id": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-netstandard-targeting-pack-2.1@5.0.214-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-debuginfo@5.0.214-1.el7_9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "product": { "name": "rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "product_id": "rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet@5.0.214-1.el7_9?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-23267", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083650" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: excess memory allocation via HttpClient causes DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23267" }, { "category": "external", "summary": "RHBZ#2083650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083650" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23267", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23267" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23267", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23267" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23267", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23267" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-11T18:23:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2196" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: excess memory allocation via HttpClient causes DoS" }, { "cve": "CVE-2022-29117", "cwe": { "id": "CWE-565", "name": "Reliance on Cookies without Validation and Integrity Checking" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083647" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of a malicious client that can send MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on the server when it tries to read or delete that many chunks.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: malicious content causes high CPU and memory usage", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29117" }, { "category": "external", "summary": "RHBZ#2083647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083647" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29117", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29117" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29117" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29117", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29117" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-11T18:23:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2196" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: malicious content causes high CPU and memory usage" }, { "cve": "CVE-2022-29145", "cwe": { "id": "CWE-551", "name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083649" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: parsing HTML causes Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29145" }, { "category": "external", "summary": "RHBZ#2083649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083649" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29145", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29145" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29145", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29145" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29145", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29145" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-11T18:23:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2196" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.17-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.214-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.214-1.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: parsing HTML causes Denial of Service" } ] }
rhsa-2022_4588
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address a security vulnerability are now\navailable. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime\n6.0.5.\n\nSecurity Fix(es):\n\n* dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267)\n\n* dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117)\n\n* dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Update .NET 6.0 to SDK 6.0.104 and Runtime 6.0.4 (BZ#2080460)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4588", "url": "https://access.redhat.com/errata/RHSA-2022:4588" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2083647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083647" }, { "category": "external", "summary": "2083649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083649" }, { "category": "external", "summary": "2083650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083650" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4588.json" } ], "title": "Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-06T00:54:24+00:00", "generator": { "date": "2024-11-06T00:54:24+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2022:4588", "initial_release_date": "2022-05-18T01:29:39+00:00", "revision_history": [ { "date": "2022-05-18T01:29:39+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-18T01:29:39+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:54:24+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream" } } }, { "category": "product_name", "name": "Red Hat CodeReady Linux Builder (v. 9)", "product": { "name": "Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::crb" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "product": { "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "product_id": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-6.0-source-built-artifacts@6.0.105-1.el9_0?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "product": { "name": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "product_id": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet6.0-debugsource@6.0.105-1.el9_0?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "product": { "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "product_id": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0-debuginfo@6.0.5-1.el9_0?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "product": { "name": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "product_id": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host-debuginfo@6.0.5-1.el9_0?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "product": { "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "product_id": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0-debuginfo@6.0.5-1.el9_0?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "product": { "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "product_id": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-6.0-debuginfo@6.0.5-1.el9_0?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "product": { "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "product_id": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-6.0-debuginfo@6.0.105-1.el9_0?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "product": { "name": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "product_id": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet6.0-debuginfo@6.0.105-1.el9_0?arch=aarch64" } } }, { "category": "product_version", "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "product": { "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "product_id": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-runtime-6.0@6.0.5-1.el9_0?arch=aarch64" } } }, { "category": "product_version", "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "product": { "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "product_id": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-6.0@6.0.5-1.el9_0?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "product": { "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "product_id": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0@6.0.5-1.el9_0?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-host-0:6.0.5-1.el9_0.aarch64", "product": { "name": "dotnet-host-0:6.0.5-1.el9_0.aarch64", "product_id": "dotnet-host-0:6.0.5-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host@6.0.5-1.el9_0?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "product": { "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "product_id": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0@6.0.5-1.el9_0?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "product": { "name": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "product_id": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-6.0@6.0.5-1.el9_0?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "product": { "name": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "product_id": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-6.0@6.0.105-1.el9_0?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "product": { "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "product_id": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-targeting-pack-6.0@6.0.5-1.el9_0?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "product": { "name": "dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "product_id": "dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-templates-6.0@6.0.105-1.el9_0?arch=aarch64" } } }, { "category": "product_version", "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "product": { "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "product_id": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@6.0.105-1.el9_0?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "product": { "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "product_id": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-6.0-source-built-artifacts@6.0.105-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "product": { "name": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "product_id": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet6.0-debugsource@6.0.105-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "product": { "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "product_id": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0-debuginfo@6.0.5-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "product": { "name": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "product_id": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host-debuginfo@6.0.5-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "product": { "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "product_id": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0-debuginfo@6.0.5-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "product": { "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "product_id": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-6.0-debuginfo@6.0.5-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "product": { "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "product_id": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-6.0-debuginfo@6.0.105-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "product": { "name": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "product_id": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet6.0-debuginfo@6.0.105-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "product": { "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "product_id": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-runtime-6.0@6.0.5-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "product": { "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "product_id": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-6.0@6.0.5-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "product": { "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "product_id": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0@6.0.5-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-host-0:6.0.5-1.el9_0.x86_64", "product": { "name": "dotnet-host-0:6.0.5-1.el9_0.x86_64", "product_id": "dotnet-host-0:6.0.5-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host@6.0.5-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "product": { "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "product_id": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0@6.0.5-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "product": { "name": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "product_id": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-6.0@6.0.5-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "product": { "name": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "product_id": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-6.0@6.0.105-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "product": { "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "product_id": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-targeting-pack-6.0@6.0.5-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "product": { "name": "dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "product_id": "dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-templates-6.0@6.0.105-1.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64", "product": { "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64", "product_id": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@6.0.105-1.el9_0?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "product": { "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "product_id": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-6.0-source-built-artifacts@6.0.105-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "product": { "name": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "product_id": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet6.0-debugsource@6.0.105-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "product": { "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "product_id": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0-debuginfo@6.0.5-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "product": { "name": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "product_id": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host-debuginfo@6.0.5-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "product": { "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "product_id": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0-debuginfo@6.0.5-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "product": { "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "product_id": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-6.0-debuginfo@6.0.5-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "product": { "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "product_id": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-6.0-debuginfo@6.0.105-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "product": { "name": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "product_id": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet6.0-debuginfo@6.0.105-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "product": { "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "product_id": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-runtime-6.0@6.0.5-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "product": { "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "product_id": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-6.0@6.0.5-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "product": { "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "product_id": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0@6.0.5-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-host-0:6.0.5-1.el9_0.s390x", "product": { "name": "dotnet-host-0:6.0.5-1.el9_0.s390x", "product_id": "dotnet-host-0:6.0.5-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host@6.0.5-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "product": { "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "product_id": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0@6.0.5-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "product": { "name": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "product_id": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-6.0@6.0.5-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "product": { "name": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "product_id": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-6.0@6.0.105-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "product": { "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "product_id": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-targeting-pack-6.0@6.0.5-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "product": { "name": "dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "product_id": "dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-templates-6.0@6.0.105-1.el9_0?arch=s390x" } } }, { "category": "product_version", "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "product": { "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "product_id": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@6.0.105-1.el9_0?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "dotnet6.0-0:6.0.105-1.el9_0.src", "product": { "name": "dotnet6.0-0:6.0.105-1.el9_0.src", "product_id": "dotnet6.0-0:6.0.105-1.el9_0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet6.0@6.0.105-1.el9_0?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x" }, "product_reference": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x" }, "product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x" }, "product_reference": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x" }, "product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "dotnet-host-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-0:6.0.5-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x" }, "product_reference": "dotnet-host-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "dotnet-host-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x" }, "product_reference": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x" }, "product_reference": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x" }, "product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x" }, "product_reference": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x" }, "product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64" }, "product_reference": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x" }, "product_reference": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64" }, "product_reference": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64" }, "product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x" }, "product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64" }, "product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64" }, "product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x" }, "product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64" }, "product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x" }, "product_reference": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64" }, "product_reference": "dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x" }, "product_reference": "dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64" }, "product_reference": "dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-0:6.0.105-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src" }, "product_reference": "dotnet6.0-0:6.0.105-1.el9_0.src", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64" }, "product_reference": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x" }, "product_reference": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64" }, "product_reference": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64" }, "product_reference": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x" }, "product_reference": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64" }, "product_reference": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64" }, "product_reference": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x" }, "product_reference": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64" }, "product_reference": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x" }, "product_reference": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x" }, "product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x" }, "product_reference": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x" }, "product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "dotnet-host-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-0:6.0.5-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x" }, "product_reference": "dotnet-host-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "dotnet-host-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x" }, "product_reference": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x" }, "product_reference": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x" }, "product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x" }, "product_reference": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x" }, "product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64" }, "product_reference": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x" }, "product_reference": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64" }, "product_reference": "dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64" }, "product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x" }, "product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64" }, "product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64" }, "product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x" }, "product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64" }, "product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64" }, "product_reference": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x" }, "product_reference": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64" }, "product_reference": "dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64" }, "product_reference": "dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x" }, "product_reference": "dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64" }, "product_reference": "dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-0:6.0.105-1.el9_0.src as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src" }, "product_reference": "dotnet6.0-0:6.0.105-1.el9_0.src", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64" }, "product_reference": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x" }, "product_reference": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64" }, "product_reference": "dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64" }, "product_reference": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x" }, "product_reference": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64" }, "product_reference": "dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64" }, "product_reference": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x" }, "product_reference": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)", "product_id": "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64" }, "product_reference": "netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64", "relates_to_product_reference": "CRB-9.0.0.Z.MAIN.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-23267", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083650" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: excess memory allocation via HttpClient causes DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23267" }, { "category": "external", "summary": "RHBZ#2083650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083650" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23267", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23267" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23267", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23267" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23267", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23267" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-18T01:29:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4588" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: excess memory allocation via HttpClient causes DoS" }, { "cve": "CVE-2022-29117", "cwe": { "id": "CWE-565", "name": "Reliance on Cookies without Validation and Integrity Checking" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083647" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of a malicious client that can send MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on the server when it tries to read or delete that many chunks.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: malicious content causes high CPU and memory usage", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29117" }, { "category": "external", "summary": "RHBZ#2083647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083647" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29117", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29117" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29117" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29117", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29117" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-18T01:29:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4588" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: malicious content causes high CPU and memory usage" }, { "cve": "CVE-2022-29145", "cwe": { "id": "CWE-551", "name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083649" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: parsing HTML causes Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29145" }, { "category": "external", "summary": "RHBZ#2083649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083649" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29145", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29145" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29145", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29145" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29145", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29145" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-18T01:29:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4588" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "AppStream-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el9_0.src", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el9_0.x86_64", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.aarch64", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.s390x", "CRB-9.0.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el9_0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: parsing HTML causes Denial of Service" } ] }
rhsa-2022_2202
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET Core is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.419 and .NET Core Runtime 3.1.25.\n\nSecurity Fix(es):\n\n* dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267)\n\n* dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117)\n\n* dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:2202", "url": "https://access.redhat.com/errata/RHSA-2022:2202" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2083647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083647" }, { "category": "external", "summary": "2083649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083649" }, { "category": "external", "summary": "2083650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083650" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_2202.json" } ], "title": "Red Hat Security Advisory: .NET Core 3.1 security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-06T00:50:43+00:00", "generator": { "date": "2024-11-06T00:50:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2022:2202", "initial_release_date": "2022-05-11T18:46:48+00:00", "revision_history": [ { "date": "2022-05-11T18:46:48+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-11T18:46:48+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:50:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux CRB (v. 8)", "product": { "name": "Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::crb" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "product": { "name": "aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "product_id": "aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-runtime-3.1@3.1.25-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "product": { "name": "aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "product_id": "aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-3.1@3.1.25-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "product": { "name": "dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "product_id": "dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-3.1@3.1.25-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "product": { "name": "dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "product_id": "dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-3.1@3.1.25-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "product": { "name": "dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "product_id": "dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-3.1@3.1.25-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "product": { "name": "dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "product_id": "dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-3.1@3.1.419-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "product": { "name": "dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "product_id": "dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-targeting-pack-3.1@3.1.25-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "product": { "name": "dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "product_id": "dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-templates-3.1@3.1.419-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64", "product": { "name": "dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64", "product_id": "dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet3.1-debugsource@3.1.419-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "product": { "name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "product_id": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-3.1-debuginfo@3.1.25-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "product": { "name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "product_id": "dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-3.1-debuginfo@3.1.25-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "product": { "name": "dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "product_id": "dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-3.1-debuginfo@3.1.25-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "product": { "name": "dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "product_id": "dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-3.1-debuginfo@3.1.419-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "product": { "name": "dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "product_id": "dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet3.1-debuginfo@3.1.419-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "product": { "name": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "product_id": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-3.1-source-built-artifacts@3.1.419-1.el8_6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "dotnet3.1-0:3.1.419-1.el8_6.src", "product": { "name": "dotnet3.1-0:3.1.419-1.el8_6.src", "product_id": "dotnet3.1-0:3.1.419-1.el8_6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet3.1@3.1.419-1.el8_6?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64" }, "product_reference": "aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64" }, "product_reference": "aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64" }, "product_reference": "dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64" }, "product_reference": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64" }, "product_reference": "dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64" }, "product_reference": "dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64" }, "product_reference": "dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64" }, "product_reference": "dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64" }, "product_reference": "dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64" }, "product_reference": "dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64" }, "product_reference": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64" }, "product_reference": "dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64" }, "product_reference": "dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet3.1-0:3.1.419-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src" }, "product_reference": "dotnet3.1-0:3.1.419-1.el8_6.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64" }, "product_reference": "dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64" }, "product_reference": "dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64" }, "product_reference": "aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64" }, "product_reference": "aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64" }, "product_reference": "dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64" }, "product_reference": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64" }, "product_reference": "dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64" }, "product_reference": "dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64" }, "product_reference": "dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64" }, "product_reference": "dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64" }, "product_reference": "dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64" }, "product_reference": "dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64" }, "product_reference": "dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64" }, "product_reference": "dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64" }, "product_reference": "dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet3.1-0:3.1.419-1.el8_6.src as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src" }, "product_reference": "dotnet3.1-0:3.1.419-1.el8_6.src", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64" }, "product_reference": "dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64" }, "product_reference": "dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-23267", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083650" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: excess memory allocation via HttpClient causes DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23267" }, { "category": "external", "summary": "RHBZ#2083650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083650" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23267", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23267" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23267", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23267" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23267", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23267" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-11T18:46:48+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2202" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: excess memory allocation via HttpClient causes DoS" }, { "cve": "CVE-2022-29117", "cwe": { "id": "CWE-565", "name": "Reliance on Cookies without Validation and Integrity Checking" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083647" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of a malicious client that can send MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on the server when it tries to read or delete that many chunks.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: malicious content causes high CPU and memory usage", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29117" }, { "category": "external", "summary": "RHBZ#2083647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083647" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29117", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29117" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29117" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29117", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29117" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-11T18:46:48+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2202" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: malicious content causes high CPU and memory usage" }, { "cve": "CVE-2022-29145", "cwe": { "id": "CWE-551", "name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083649" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: parsing HTML causes Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29145" }, { "category": "external", "summary": "RHBZ#2083649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083649" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29145", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29145" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29145", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29145" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29145", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29145" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-11T18:46:48+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2202" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-3.1-debuginfo-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-3.1-0:3.1.25-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-3.1-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-0:3.1.419-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debuginfo-0:3.1.419-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet3.1-debugsource-0:3.1.419-1.el8_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: parsing HTML causes Denial of Service" } ] }
rhsa-2022_2200
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET Core is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core Runtime 5.0.17.\n\nSecurity Fix(es):\n\n* dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267)\n\n* dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117)\n\n* dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:2200", "url": "https://access.redhat.com/errata/RHSA-2022:2200" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2083647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083647" }, { "category": "external", "summary": "2083649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083649" }, { "category": "external", "summary": "2083650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083650" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_2200.json" } ], "title": "Red Hat Security Advisory: .NET 5.0 security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-06T00:51:19+00:00", "generator": { "date": "2024-11-06T00:51:19+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2022:2200", "initial_release_date": "2022-05-11T18:10:49+00:00", "revision_history": [ { "date": "2022-05-11T18:10:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-11T18:10:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:51:19+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux CRB (v. 8)", "product": { "name": "Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::crb" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "product": { "name": "aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "product_id": "aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-runtime-5.0@5.0.17-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "product": { "name": "aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "product_id": "aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-5.0@5.0.17-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "product": { "name": "dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "product_id": "dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-5.0@5.0.17-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "product": { "name": "dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "product_id": "dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-5.0@5.0.17-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "product": { "name": "dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "product_id": "dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-5.0@5.0.17-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "product": { "name": "dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "product_id": "dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-5.0@5.0.214-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "product": { "name": "dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "product_id": "dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-targeting-pack-5.0@5.0.17-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "product": { "name": "dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "product_id": "dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-templates-5.0@5.0.214-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64", "product": { "name": "dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64", "product_id": "dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet5.0-debugsource@5.0.214-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "product": { "name": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "product_id": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-5.0-debuginfo@5.0.17-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "product": { "name": "dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "product_id": "dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-5.0-debuginfo@5.0.17-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "product": { "name": "dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "product_id": "dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-5.0-debuginfo@5.0.17-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "product": { "name": "dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "product_id": "dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-5.0-debuginfo@5.0.214-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "product": { "name": "dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "product_id": "dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet5.0-debuginfo@5.0.214-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "product": { "name": "dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "product_id": "dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-5.0-source-built-artifacts@5.0.214-1.el8_6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "dotnet5.0-0:5.0.214-1.el8_6.src", "product": { "name": "dotnet5.0-0:5.0.214-1.el8_6.src", "product_id": "dotnet5.0-0:5.0.214-1.el8_6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet5.0@5.0.214-1.el8_6?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64" }, "product_reference": "aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64" }, "product_reference": "aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64" }, "product_reference": "dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64" }, "product_reference": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64" }, "product_reference": "dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64" }, "product_reference": "dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64" }, "product_reference": "dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64" }, "product_reference": "dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64" }, "product_reference": "dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64" }, "product_reference": "dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64" }, "product_reference": "dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64" }, "product_reference": "dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64" }, "product_reference": "dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet5.0-0:5.0.214-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src" }, "product_reference": "dotnet5.0-0:5.0.214-1.el8_6.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64" }, "product_reference": "dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64" }, "product_reference": "dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64" }, "product_reference": "aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64" }, "product_reference": "aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64" }, "product_reference": "dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64" }, "product_reference": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64" }, "product_reference": "dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64" }, "product_reference": "dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64" }, "product_reference": "dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64" }, "product_reference": "dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64" }, "product_reference": "dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64" }, "product_reference": "dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64" }, "product_reference": "dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64" }, "product_reference": "dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64" }, "product_reference": "dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet5.0-0:5.0.214-1.el8_6.src as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src" }, "product_reference": "dotnet5.0-0:5.0.214-1.el8_6.src", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64" }, "product_reference": "dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64" }, "product_reference": "dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-23267", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083650" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: excess memory allocation via HttpClient causes DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23267" }, { "category": "external", "summary": "RHBZ#2083650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083650" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23267", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23267" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23267", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23267" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23267", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23267" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-11T18:10:49+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2200" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: excess memory allocation via HttpClient causes DoS" }, { "cve": "CVE-2022-29117", "cwe": { "id": "CWE-565", "name": "Reliance on Cookies without Validation and Integrity Checking" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083647" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of a malicious client that can send MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on the server when it tries to read or delete that many chunks.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: malicious content causes high CPU and memory usage", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29117" }, { "category": "external", "summary": "RHBZ#2083647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083647" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29117", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29117" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29117" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29117", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29117" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-11T18:10:49+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2200" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: malicious content causes high CPU and memory usage" }, { "cve": "CVE-2022-29145", "cwe": { "id": "CWE-551", "name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083649" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: parsing HTML causes Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29145" }, { "category": "external", "summary": "RHBZ#2083649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083649" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29145", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29145" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29145", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29145" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29145", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29145" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-11T18:10:49+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2200" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-5.0-debuginfo-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-5.0-source-built-artifacts-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-5.0-0:5.0.17-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-5.0-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-0:5.0.214-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debuginfo-0:5.0.214-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet5.0-debugsource-0:5.0.214-1.el8_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: parsing HTML causes Denial of Service" } ] }
rhsa-2022_2199
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET Core is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime 6.0.5.\n\nSecurity Fix(es):\n\n* dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267)\n\n* dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117)\n\n* dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:2199", "url": "https://access.redhat.com/errata/RHSA-2022:2199" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2083647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083647" }, { "category": "external", "summary": "2083649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083649" }, { "category": "external", "summary": "2083650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083650" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_2199.json" } ], "title": "Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-06T00:51:10+00:00", "generator": { "date": "2024-11-06T00:51:10+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2022:2199", "initial_release_date": "2022-05-11T18:25:42+00:00", "revision_history": [ { "date": "2022-05-11T18:25:42+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-11T18:25:42+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:51:10+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux CRB (v. 8)", "product": { "name": "Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::crb" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "product": { "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "product_id": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-runtime-6.0@6.0.5-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "product": { "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "product_id": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-6.0@6.0.5-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-0:6.0.105-1.el8_6.aarch64", "product": { "name": "dotnet-0:6.0.105-1.el8_6.aarch64", "product_id": "dotnet-0:6.0.105-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet@6.0.105-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "product": { "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "product_id": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0@6.0.5-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-host-0:6.0.5-1.el8_6.aarch64", "product": { "name": "dotnet-host-0:6.0.5-1.el8_6.aarch64", "product_id": "dotnet-host-0:6.0.5-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host@6.0.5-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "product": { "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "product_id": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0@6.0.5-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "product": { "name": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "product_id": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-6.0@6.0.5-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "product": { "name": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "product_id": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-6.0@6.0.105-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "product": { "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "product_id": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-targeting-pack-6.0@6.0.5-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "product": { "name": "dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "product_id": "dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-templates-6.0@6.0.105-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "product": { "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "product_id": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@6.0.105-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "product": { "name": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "product_id": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet6.0-debugsource@6.0.105-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "product": { "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "product_id": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0-debuginfo@6.0.5-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "product": { "name": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "product_id": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host-debuginfo@6.0.5-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "product": { "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "product_id": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0-debuginfo@6.0.5-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "product": { "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "product_id": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-6.0-debuginfo@6.0.5-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "product": { "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "product_id": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-6.0-debuginfo@6.0.105-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "product": { "name": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "product_id": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet6.0-debuginfo@6.0.105-1.el8_6?arch=aarch64" } } }, { "category": "product_version", "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "product": { "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "product_id": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-6.0-source-built-artifacts@6.0.105-1.el8_6?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "product": { "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "product_id": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-runtime-6.0@6.0.5-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "product": { "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "product_id": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-6.0@6.0.5-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-0:6.0.105-1.el8_6.x86_64", "product": { "name": "dotnet-0:6.0.105-1.el8_6.x86_64", "product_id": "dotnet-0:6.0.105-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet@6.0.105-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "product": { "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "product_id": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0@6.0.5-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-host-0:6.0.5-1.el8_6.x86_64", "product": { "name": "dotnet-host-0:6.0.5-1.el8_6.x86_64", "product_id": "dotnet-host-0:6.0.5-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host@6.0.5-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "product": { "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "product_id": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0@6.0.5-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "product": { "name": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "product_id": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-6.0@6.0.5-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "product": { "name": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "product_id": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-6.0@6.0.105-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "product": { "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "product_id": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-targeting-pack-6.0@6.0.5-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "product": { "name": "dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "product_id": "dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-templates-6.0@6.0.105-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64", "product": { "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64", "product_id": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@6.0.105-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "product": { "name": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "product_id": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet6.0-debugsource@6.0.105-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "product": { "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "product_id": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0-debuginfo@6.0.5-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "product": { "name": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "product_id": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host-debuginfo@6.0.5-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "product": { "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "product_id": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0-debuginfo@6.0.5-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "product": { "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "product_id": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-6.0-debuginfo@6.0.5-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "product": { "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "product_id": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-6.0-debuginfo@6.0.105-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "product": { "name": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "product_id": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet6.0-debuginfo@6.0.105-1.el8_6?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "product": { "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "product_id": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-6.0-source-built-artifacts@6.0.105-1.el8_6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "product": { "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "product_id": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-runtime-6.0@6.0.5-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "product": { "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "product_id": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-6.0@6.0.5-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-0:6.0.105-1.el8_6.s390x", "product": { "name": "dotnet-0:6.0.105-1.el8_6.s390x", "product_id": "dotnet-0:6.0.105-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet@6.0.105-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "product": { "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "product_id": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0@6.0.5-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-host-0:6.0.5-1.el8_6.s390x", "product": { "name": "dotnet-host-0:6.0.5-1.el8_6.s390x", "product_id": "dotnet-host-0:6.0.5-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host@6.0.5-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "product": { "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "product_id": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0@6.0.5-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "product": { "name": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "product_id": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-6.0@6.0.5-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "product": { "name": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "product_id": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-6.0@6.0.105-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "product": { "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "product_id": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-targeting-pack-6.0@6.0.5-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "product": { "name": "dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "product_id": "dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-templates-6.0@6.0.105-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "product": { "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "product_id": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@6.0.105-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "product": { "name": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "product_id": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet6.0-debugsource@6.0.105-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "product": { "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "product_id": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-6.0-debuginfo@6.0.5-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "product": { "name": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "product_id": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host-debuginfo@6.0.5-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "product": { "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "product_id": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-6.0-debuginfo@6.0.5-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "product": { "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "product_id": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-6.0-debuginfo@6.0.5-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "product": { "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "product_id": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-6.0-debuginfo@6.0.105-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "product": { "name": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "product_id": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet6.0-debuginfo@6.0.105-1.el8_6?arch=s390x" } } }, { "category": "product_version", "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "product": { "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "product_id": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-6.0-source-built-artifacts@6.0.105-1.el8_6?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "dotnet6.0-0:6.0.105-1.el8_6.src", "product": { "name": "dotnet6.0-0:6.0.105-1.el8_6.src", "product_id": "dotnet6.0-0:6.0.105-1.el8_6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet6.0@6.0.105-1.el8_6?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x" }, "product_reference": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x" }, "product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-0:6.0.105-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64" }, "product_reference": "dotnet-0:6.0.105-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-0:6.0.105-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x" }, "product_reference": "dotnet-0:6.0.105-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-0:6.0.105-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64" }, "product_reference": "dotnet-0:6.0.105-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x" }, "product_reference": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x" }, "product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "dotnet-host-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x" }, "product_reference": "dotnet-host-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "dotnet-host-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x" }, "product_reference": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x" }, "product_reference": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x" }, "product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x" }, "product_reference": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x" }, "product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64" }, "product_reference": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x" }, "product_reference": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64" }, "product_reference": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64" }, "product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x" }, "product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64" }, "product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64" }, "product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x" }, "product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64" }, "product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x" }, "product_reference": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64" }, "product_reference": "dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x" }, "product_reference": "dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64" }, "product_reference": "dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-0:6.0.105-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src" }, "product_reference": "dotnet6.0-0:6.0.105-1.el8_6.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64" }, "product_reference": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x" }, "product_reference": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64" }, "product_reference": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64" }, "product_reference": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x" }, "product_reference": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64" }, "product_reference": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64" }, "product_reference": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x" }, "product_reference": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64" }, "product_reference": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x" }, "product_reference": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x" }, "product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-0:6.0.105-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64" }, "product_reference": "dotnet-0:6.0.105-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-0:6.0.105-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x" }, "product_reference": "dotnet-0:6.0.105-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-0:6.0.105-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64" }, "product_reference": "dotnet-0:6.0.105-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x" }, "product_reference": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x" }, "product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "dotnet-host-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x" }, "product_reference": "dotnet-host-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "dotnet-host-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x" }, "product_reference": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x" }, "product_reference": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x" }, "product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x" }, "product_reference": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x" }, "product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64" }, "product_reference": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x" }, "product_reference": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64" }, "product_reference": "dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64" }, "product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x" }, "product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64" }, "product_reference": "dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64" }, "product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x" }, "product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64" }, "product_reference": "dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64" }, "product_reference": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x" }, "product_reference": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64" }, "product_reference": "dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64" }, "product_reference": "dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x" }, "product_reference": "dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64" }, "product_reference": "dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-0:6.0.105-1.el8_6.src as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src" }, "product_reference": "dotnet6.0-0:6.0.105-1.el8_6.src", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64" }, "product_reference": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x" }, "product_reference": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64" }, "product_reference": "dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64" }, "product_reference": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x" }, "product_reference": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64" }, "product_reference": "dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64" }, "product_reference": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x" }, "product_reference": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)", "product_id": "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64" }, "product_reference": "netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64", "relates_to_product_reference": "CRB-8.6.0.Z.MAIN.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-23267", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083650" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: excess memory allocation via HttpClient causes DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23267" }, { "category": "external", "summary": "RHBZ#2083650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083650" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23267", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23267" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23267", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23267" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23267", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23267" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-11T18:25:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2199" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: excess memory allocation via HttpClient causes DoS" }, { "cve": "CVE-2022-29117", "cwe": { "id": "CWE-565", "name": "Reliance on Cookies without Validation and Integrity Checking" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083647" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of a malicious client that can send MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on the server when it tries to read or delete that many chunks.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: malicious content causes high CPU and memory usage", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29117" }, { "category": "external", "summary": "RHBZ#2083647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083647" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29117", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29117" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29117" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29117", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29117" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-11T18:25:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2199" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: malicious content causes high CPU and memory usage" }, { "cve": "CVE-2022-29145", "cwe": { "id": "CWE-551", "name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083649" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: parsing HTML causes Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29145" }, { "category": "external", "summary": "RHBZ#2083649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083649" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29145", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29145" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29145", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29145" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29145", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29145" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-11T18:25:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2199" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "AppStream-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:aspnetcore-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-apphost-pack-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-host-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-hostfxr-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-runtime-6.0-debuginfo-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-sdk-6.0-source-built-artifacts-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-targeting-pack-6.0-0:6.0.5-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet-templates-6.0-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-0:6.0.105-1.el8_6.src", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debuginfo-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:dotnet6.0-debugsource-0:6.0.105-1.el8_6.x86_64", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.aarch64", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.s390x", "CRB-8.6.0.Z.MAIN.EUS:netstandard-targeting-pack-2.1-0:6.0.105-1.el8_6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: parsing HTML causes Denial of Service" } ] }
rhsa-2022_2194
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET Core is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.419 and .NET Core Runtime 3.1.25.\n\nSecurity Fix(es):\n\n* dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267)\n\n* dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117)\n\n* dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:2194", "url": "https://access.redhat.com/errata/RHSA-2022:2194" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2083647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083647" }, { "category": "external", "summary": "2083649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083649" }, { "category": "external", "summary": "2083650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083650" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_2194.json" } ], "title": "Red Hat Security Advisory: .NET Core 3.1 on RHEL 7 security and bugfix update", "tracking": { "current_release_date": "2024-11-06T00:51:21+00:00", "generator": { "date": "2024-11-06T00:51:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2022:2194", "initial_release_date": "2022-05-11T18:11:10+00:00", "revision_history": [ { "date": "2022-05-11T18:11:10+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-11T18:11:10+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:51:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7" } } } ], "category": "product_family", "name": ".NET Core on Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "product_id": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-aspnetcore-runtime-3.1@3.1.25-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "product_id": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-aspnetcore-targeting-pack-3.1@3.1.25-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.419-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-apphost-pack-3.1@3.1.25-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-host@3.1.25-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-hostfxr-3.1@3.1.25-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-runtime-3.1@3.1.25-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-sdk-3.1@3.1.419-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts@3.1.419-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-targeting-pack-3.1@3.1.25-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-templates-3.1@3.1.419-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "product_id": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-netstandard-targeting-pack-2.1@3.1.419-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-debuginfo@3.1.419-1.el7_9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "product": { "name": "rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "product_id": "rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.419-1.el7_9?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-23267", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083650" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: excess memory allocation via HttpClient causes DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23267" }, { "category": "external", "summary": "RHBZ#2083650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083650" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23267", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23267" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23267", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23267" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23267", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23267" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-11T18:11:10+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2194" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: excess memory allocation via HttpClient causes DoS" }, { "cve": "CVE-2022-29117", "cwe": { "id": "CWE-565", "name": "Reliance on Cookies without Validation and Integrity Checking" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083647" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of a malicious client that can send MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on the server when it tries to read or delete that many chunks.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: malicious content causes high CPU and memory usage", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29117" }, { "category": "external", "summary": "RHBZ#2083647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083647" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29117", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29117" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29117", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29117" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29117", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29117" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-11T18:11:10+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2194" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: malicious content causes high CPU and memory usage" }, { "cve": "CVE-2022-29145", "cwe": { "id": "CWE-551", "name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization" }, "discovery_date": "2022-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2083649" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: parsing HTML causes Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "Affected .NET versions: 6.0, 5.0, 3.1", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29145" }, { "category": "external", "summary": "RHBZ#2083649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083649" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29145", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29145" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29145", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29145" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29145", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29145" } ], "release_date": "2022-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-11T18:11:10+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:2194" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.25-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.419-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.419-1.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: parsing HTML causes Denial of Service" } ] }
var-202205-0625
Vulnerability from variot
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET 6.0 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:2195-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2195 Issue date: 2022-05-11 CVE Names: CVE-2022-23267 CVE-2022-29117 CVE-2022-29145 ==================================================================== 1. Summary:
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime 6.0.5.
Security Fix(es):
-
dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267)
-
dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117)
-
dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2083647 - CVE-2022-29117 dotnet: malicious content causes high CPU and memory usage 2083649 - CVE-2022-29145 dotnet: parsing HTML causes Denial of Service 2083650 - CVE-2022-23267 dotnet: excess memory allocation via HttpClient causes DoS
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-23267 https://access.redhat.com/security/cve/CVE-2022-29117 https://access.redhat.com/security/cve/CVE-2022-29145 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYnw2ZtzjgjWX9erEAQhfsA//XM/8Ih5T9J+ql5cd6IgYWbT1UOM8KE17 4abvuRvxBqSfJyACbCEbRNm+GZzqWF6SHYamS3lAfs5Gt/SmIcEtyWZTaEkiZtbi sIsJ2Hd802Sm8K1gcU0MFOMhT5zwI3ogteixbvzkN6y5NxHitkVTUZqOIjvpcNzn Mc0bfAgeIzODP6F5hfneYantgPhQC3j5eWDcRBOrvxD2cRDnQ6CzL37wUsdSd+TA f8b7Ck2lg9poj+v/4L/HVLZJi47HM3C3ouqJClTx3kL89ktEZkhavcLua4wX8aY5 n1MPCnMe9OrPwfzAzyCrZqKezAutuu3QfXaWy37RW4M4Tza1dfP/4eJ2fBH19JcB 3iUmFmQmR36WFLBMCrUzLNH8FsBXzp1MLiiKuRgV/MXa+M2ZwMeqTFQuAsAA8lTE 0Qeoyf7JmWP/iDcODWKU/+eApCsRKBnmB952x3UroOq0H57m1RPJKZRlwwqy1S2a Tc2xXDB/w6SaORozEXlGnyrzHBIM7FdHkNS4zdWSNH4GRkO3bbwsi2CPgzIkXvyZ j1Q4NEtntVC3FmkKHUoSw3XRmBNrBNAD3JRKWYXEmN1JAfXSAsrbOqlj9sCE/nTJ rDNXwYArh73UwTMfU2+JL/2XE1mgV+LWBtAMsoBGHAg31HdXQQOe1UoJEaKjX7p3 zq2nVL/qVmM=le1K -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, s390x, x86_64
3
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0625", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "36" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "visual studio 2019", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "16.0" }, { "model": ".net", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "5.0" }, { "model": ".net", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "6.0.0" }, { "model": "visual studio 2019", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "16.0.11" }, { "model": ".net core", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "3.1" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" }, { "model": "visual studio 2022", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "17.0" }, { "model": "visual studio 2022", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "17.1" }, { "model": "microsoft visual studio", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2022 17.0" }, { "model": ".net", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": "microsoft visual studio", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2022 17.1" }, { "model": "microsoft visual studio", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2019 16.11 (includes 16.0 - 16.10)" }, { "model": "microsoft visual studio", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2019 16.9 (includes 16.0 - 16.8)" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-001866" }, { "db": "NVD", "id": "CVE-2022-29117" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:3.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.0.11", "versionStartIncluding": "16.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-29117" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "167135" }, { "db": "PACKETSTORM", "id": "167382" }, { "db": "PACKETSTORM", "id": "167128" }, { "db": "PACKETSTORM", "id": "167143" }, { "db": "PACKETSTORM", "id": "167125" }, { "db": "PACKETSTORM", "id": "167141" }, { "db": "PACKETSTORM", "id": "167130" } ], "trust": 0.7 }, "cve": "CVE-2022-29117", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-29117", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "secure@microsoft.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2022-001866", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-29117", "trust": 1.0, "value": "MEDIUM" }, { "author": "secure@microsoft.com", "id": "CVE-2022-29117", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-29117", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202205-2773", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2022-29117", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29117" }, { "db": "JVNDB", "id": "JVNDB-2022-001866" }, { "db": "NVD", "id": "CVE-2022-29117" }, { "db": "NVD", "id": "CVE-2022-29117" }, { "db": "CNNVD", "id": "CNNVD-202205-2773" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET 6.0 on RHEL 7 security and bugfix update\nAdvisory ID: RHSA-2022:2195-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:2195\nIssue date: 2022-05-11\nCVE Names: CVE-2022-23267 CVE-2022-29117 CVE-2022-29145\n====================================================================\n1. Summary:\n\nAn update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET Core that address a security vulnerability are now\navailable. The updated versions are .NET Core SDK 6.0.105 and .NET Core\nRuntime 6.0.5. \n\nSecurity Fix(es):\n\n* dotnet: excess memory allocation via HttpClient causes DoS\n(CVE-2022-23267)\n\n* dotnet: malicious content causes high CPU and memory usage\n(CVE-2022-29117)\n\n* dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2083647 - CVE-2022-29117 dotnet: malicious content causes high CPU and memory usage\n2083649 - CVE-2022-29145 dotnet: parsing HTML causes Denial of Service\n2083650 - CVE-2022-23267 dotnet: excess memory allocation via HttpClient causes DoS\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-23267\nhttps://access.redhat.com/security/cve/CVE-2022-29117\nhttps://access.redhat.com/security/cve/CVE-2022-29145\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYnw2ZtzjgjWX9erEAQhfsA//XM/8Ih5T9J+ql5cd6IgYWbT1UOM8KE17\n4abvuRvxBqSfJyACbCEbRNm+GZzqWF6SHYamS3lAfs5Gt/SmIcEtyWZTaEkiZtbi\nsIsJ2Hd802Sm8K1gcU0MFOMhT5zwI3ogteixbvzkN6y5NxHitkVTUZqOIjvpcNzn\nMc0bfAgeIzODP6F5hfneYantgPhQC3j5eWDcRBOrvxD2cRDnQ6CzL37wUsdSd+TA\nf8b7Ck2lg9poj+v/4L/HVLZJi47HM3C3ouqJClTx3kL89ktEZkhavcLua4wX8aY5\nn1MPCnMe9OrPwfzAzyCrZqKezAutuu3QfXaWy37RW4M4Tza1dfP/4eJ2fBH19JcB\n3iUmFmQmR36WFLBMCrUzLNH8FsBXzp1MLiiKuRgV/MXa+M2ZwMeqTFQuAsAA8lTE\n0Qeoyf7JmWP/iDcODWKU/+eApCsRKBnmB952x3UroOq0H57m1RPJKZRlwwqy1S2a\nTc2xXDB/w6SaORozEXlGnyrzHBIM7FdHkNS4zdWSNH4GRkO3bbwsi2CPgzIkXvyZ\nj1Q4NEtntVC3FmkKHUoSw3XRmBNrBNAD3JRKWYXEmN1JAfXSAsrbOqlj9sCE/nTJ\nrDNXwYArh73UwTMfU2+JL/2XE1mgV+LWBtAMsoBGHAg31HdXQQOe1UoJEaKjX7p3\nzq2nVL/qVmM=le1K\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, s390x, x86_64\n\n3", "sources": [ { "db": "NVD", "id": "CVE-2022-29117" }, { "db": "JVNDB", "id": "JVNDB-2022-001866" }, { "db": "VULMON", "id": "CVE-2022-29117" }, { "db": "PACKETSTORM", "id": "167135" }, { "db": "PACKETSTORM", "id": "167382" }, { "db": "PACKETSTORM", "id": "167128" }, { "db": "PACKETSTORM", "id": "167143" }, { "db": "PACKETSTORM", "id": "167125" }, { "db": "PACKETSTORM", "id": "167141" }, { "db": "PACKETSTORM", "id": "167130" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-29117", "trust": 4.0 }, { "db": "JVNDB", "id": "JVNDB-2022-001866", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "167382", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "167143", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022051101", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022051228", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072010", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202205-2773", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-29117", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167128", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167125", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167141", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167130", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29117" }, { "db": "JVNDB", "id": "JVNDB-2022-001866" }, { "db": "PACKETSTORM", "id": "167135" }, { "db": "PACKETSTORM", "id": "167382" }, { "db": "PACKETSTORM", "id": "167128" }, { "db": "PACKETSTORM", "id": "167143" }, { "db": "PACKETSTORM", "id": "167125" }, { "db": "PACKETSTORM", "id": "167141" }, { "db": "PACKETSTORM", "id": "167130" }, { "db": "NVD", "id": "CVE-2022-29117" }, { "db": "CNNVD", "id": "CNNVD-202205-2773" } ] }, "id": "VAR-202205-0625", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-21T19:46:39.548000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": ".NET\u00a0and\u00a0Visual\u00a0Studio\u00a0Denial\u00a0of\u00a0Service\u00a0Vulnerability Security Update Guide", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2022-29117" }, { "title": "Microsoft .NET and Microsoft Visual Studio Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=193780" }, { "title": "Red Hat: Important: .NET 6.0 security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20224588 - security advisory" }, { "title": "Red Hat: Important: .NET 6.0 security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20222199 - security advisory" }, { "title": "Red Hat: Important: .NET 5.0 security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20222200 - security advisory" }, { "title": "Red Hat: Important: .NET 6.0 on RHEL 7 security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20222195 - security advisory" }, { "title": "Red Hat: Important: .NET Core 3.1 on RHEL 7 security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20222194 - security advisory" }, { "title": "Red Hat: Important: .NET 5.0 on RHEL 7 security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20222196 - security advisory" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29117" }, { "db": "JVNDB", "id": "JVNDB-2022-001866" }, { "db": "CNNVD", "id": "CNNVD-202205-2773" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Resource exhaustion (CWE-400) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-001866" }, { "db": "NVD", "id": "CVE-2022-29117" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2022-29117" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29117" }, { "trust": 1.3, "url": "https://access.redhat.com/security/cve/cve-2022-29117" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gnxql7ezorgu4pzcpj5epq4p7iey3zzo/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ibysbudjyq76hk4tulxviipckk2u6wdb/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/w5fpeq6btyrgts6iycdtzw6yf5hlq3by/" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20220511-ms.html" }, { "trust": 0.8, "url": "https://www.jpcert.or.jp/at/2022/at220014.html" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ibysbudjyq76hk4tulxviipckk2u6wdb/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/w5fpeq6btyrgts6iycdtzw6yf5hlq3by/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gnxql7ezorgu4pzcpj5epq4p7iey3zzo/" }, { "trust": 0.7, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.7, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23267" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2022-23267" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29145" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2022-29145" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022051228" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2022-38299" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-29117/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/167143/red-hat-security-advisory-2022-2200-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb20220720108" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022051101" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/167382/red-hat-security-advisory-2022-4588-01.html" }, { "trust": 0.6, "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-29117" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2022:4588" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/400.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:2202" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:2196" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:2200" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:2195" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:2199" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:2194" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-29117" }, { "db": "JVNDB", "id": "JVNDB-2022-001866" }, { "db": "PACKETSTORM", "id": "167135" }, { "db": "PACKETSTORM", "id": "167382" }, { "db": "PACKETSTORM", "id": "167128" }, { "db": "PACKETSTORM", "id": "167143" }, { "db": "PACKETSTORM", "id": "167125" }, { "db": "PACKETSTORM", "id": "167141" }, { "db": "PACKETSTORM", "id": "167130" }, { "db": "NVD", "id": "CVE-2022-29117" }, { "db": "CNNVD", "id": "CNNVD-202205-2773" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-29117" }, { "db": "JVNDB", "id": "JVNDB-2022-001866" }, { "db": "PACKETSTORM", "id": "167135" }, { "db": "PACKETSTORM", "id": "167382" }, { "db": "PACKETSTORM", "id": "167128" }, { "db": "PACKETSTORM", "id": "167143" }, { "db": "PACKETSTORM", "id": "167125" }, { "db": "PACKETSTORM", "id": "167141" }, { "db": "PACKETSTORM", "id": "167130" }, { "db": "NVD", "id": "CVE-2022-29117" }, { "db": "CNNVD", "id": "CNNVD-202205-2773" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-10T00:00:00", "db": "VULMON", "id": "CVE-2022-29117" }, { "date": "2022-05-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-001866" }, { "date": "2022-05-12T15:51:27", "db": "PACKETSTORM", "id": "167135" }, { "date": "2022-06-03T15:43:44", "db": "PACKETSTORM", "id": "167382" }, { "date": "2022-05-12T15:44:58", "db": "PACKETSTORM", "id": "167128" }, { "date": "2022-05-12T15:56:14", "db": "PACKETSTORM", "id": "167143" }, { "date": "2022-05-12T15:40:23", "db": "PACKETSTORM", "id": "167125" }, { "date": "2022-05-12T15:53:37", "db": "PACKETSTORM", "id": "167141" }, { "date": "2022-05-12T15:46:28", "db": "PACKETSTORM", "id": "167130" }, { "date": "2022-05-10T21:15:11.877000", "db": "NVD", "id": "CVE-2022-29117" }, { "date": "2022-05-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-2773" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-23T00:00:00", "db": "VULMON", "id": "CVE-2022-29117" }, { "date": "2022-05-25T08:40:00", "db": "JVNDB", "id": "JVNDB-2022-001866" }, { "date": "2023-12-21T00:15:16.690000", "db": "NVD", "id": "CVE-2022-29117" }, { "date": "2022-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-2773" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-2773" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": ".NET\u00a0 and \u00a0Microsoft\u00a0Visual\u00a0Studio\u00a0 Denial of service in Japan \u00a0(DoS)\u00a0 Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-001866" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-2773" } ], "trust": 0.6 } }
ghsa-3rq8-h3gj-r5c6
Vulnerability from github
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A vulnerability exists in .NET 6.0, .NET 5.0 and .NET core 3.1 where a malicious client can manipulate cookies and cause a Denial of Service.
Affected software
- Any .NET 6.0 application running on .NET 6.0.4 or earlier.
- Any .NET 5.0 application running .NET 5.0.16 or earlier.
- Any .NET Core 3.1 application running on .NET Core 3.1.24 or earlier.
Affected packages
.NET Core 3.1
| Package name | Affected versions | Patched versions | |---------------------------------------------------|-------------------|------------------| | Microsoft.Owin.Security.Cookies | <4.2.2 | 4.2.2 | | Microsoft.Owin.Security | <4.2.2 | 4.2.2 | | Microsoft.AspNetCore.App.Runtime.win-x64 | >=3.0.0,3.1.24 | 3.1.25 | | Microsoft.AspNetCore.App.Runtime.linux-x64 | >=3.0.0,3.1.24 | 3.1.25 | | Microsoft.AspNetCore.App.Runtime.win-x86 | >=3.0.0,3.1.24 | 3.1.25 | | Microsoft.AspNetCore.App.Runtime.osx-x64 | >=3.0.0,3.1.24 | 3.1.25 | | Microsoft.AspNetCore.App.Runtime.linux-musl-x64 | >=3.0.0,3.1.24 | 3.1.25 | | Microsoft.AspNetCore.App.Runtime.linux-arm64 | >=3.0.0,3.1.24 | 3.1.25 | | Microsoft.AspNetCore.App.Runtime.linux-arm | >=3.0.0,3.1.24 | 3.1.25 | | Microsoft.AspNetCore.App.Runtime.win-arm64 | >=3.0.0,3.1.24 | 3.1.25 | | Microsoft.AspNetCore.App.Runtime.win-arm | >=3.0.0,3.1.24 | 3.1.25 | | Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | >=3.0.0,3.1.24 | 3.1.25 | | Microsoft.AspNetCore.App.Runtime.linux-musl-arm | >=3.0.0,3.1.24 | 3.1.25 |
.NET 5.0
| Affected packages | Affected versions | Patched versions | |---------------------------------------------------|-------------------|------------------| | Microsoft.Owin.Security.Cookies | < 4.2.2 | 4.2.2 | | Microsoft.AspNetCore.App.Runtime.win-x64 | >=5.0.0,5.0.16 | 5.0.17 | | Microsoft.AspNetCore.App.Runtime.linux-x64 | >=5.0.0,5.0.16 | 5.0.17 | | Microsoft.AspNetCore.App.Runtime.win-x86 | >=5.0.0,5.0.16 | 5.0.17 | | Microsoft.AspNetCore.App.Runtime.osx-x64 | >=5.0.0,5.0.16 | 5.0.17 | | Microsoft.AspNetCore.App.Runtime.linux-musl-x64 | >=5.0.0,5.0.16 | 5.0.17 | | Microsoft.AspNetCore.App.Runtime.linux-arm64 | >=5.0.0,5.0.16 | 5.0.17 | | Microsoft.AspNetCore.App.Runtime.linux-arm | >=5.0.0,5.0.16 | 5.0.17 | | Microsoft.AspNetCore.App.Runtime.win-arm64 | >=5.0.0,5.0.16 | 5.0.17 | | Microsoft.AspNetCore.App.Runtime.win-arm | >=5.0.0,5.0.16 | 5.0.17 | | Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | >=5.0.0,5.0.16 | 5.0.17 | | Microsoft.AspNetCore.App.Runtime.linux-musl-arm | >=5.0.0,5.0.16 | 5.0.17 |
.NET 6.0
| Affected packages | Affected versions | Patched versions | |---------------------------------------------------|-------------------|------------------| | Microsoft.Owin.Security.Cookies | <4.2.2 | 4.2.2 | | Microsoft.AspNetCore.App.Runtime.win-x64 | >=6.0.0,6.0.4 | 6.0.5 | | Microsoft.AspNetCore.App.Runtime.linux-x64 | >=6.0.0,6.0.4 | 6.0.5 | | Microsoft.AspNetCore.App.Runtime.win-x86 | >=6.0.0,6.0.4 | 6.0.5 | | Microsoft.AspNetCore.App.Runtime.osx-x64 | >=6.0.0,6.0.4 | 6.0.5 | | Microsoft.AspNetCore.App.Runtime.linux-musl-x64 | >=6.0.0,6.0.4 | 6.0.5 | | Microsoft.AspNetCore.App.Runtime.linux-arm64 | >=6.0.0,6.0.4 | 6.0.5 | | Microsoft.AspNetCore.App.Runtime.linux-arm | >=6.0.0,6.0.4 | 6.0.5 | | Microsoft.AspNetCore.App.Runtime.win-arm64 | >=6.0.0,6.0.4 | 6.0.5 | | Microsoft.AspNetCore.App.Runtime.win-arm | >=6.0.0,6.0.4 | 6.0.5 | | Microsoft.AspNetCore.App.Runtime.osx-arm64 | >=6.0.0,6.0.4 | 6.0.5 | | Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | >=6.0.0,6.0.4 | 6.0.5 | | Microsoft.AspNetCore.App.Runtime.linux-musl-arm | >=6.0.0,6.0.4 | 6.0.5 |
Patches
-
If you're using .NET Core 6.0, you should download and install Runtime 6.0.5 or SDK 6.0.105 (for Visual Studio 2022 v17.0) or SDK 6.0.203 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0.
-
If you're using .NET 5.0, you should download and install Runtime 5.0.17 or SDK 5.0.214 (for Visual Studio 2019 v16.9) or SDK 5.0.408 (for Visual Studio 2011 v16.11) from https://dotnet.microsoft.com/download/dotnet-core/5.0.
-
If you're using .NET Core 3.1, you should download and install Runtime 3.1.25 or SDK 3.1.419 (for Visual Studio 2019 v16.9 or Visual Studio 2011 16.11 or Visual Studio 2022 17.0 or Visual Studio 2022 17.1 ) from https://dotnet.microsoft.com/download/dotnet-core/3.1.
.NET 6.0, .NET 5.0 and .NET Core 3.1 updates are also available from Microsoft Update. To access this either type "Check for updates" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates.
Other Details
- Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/220
- An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/41608
- MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29117
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 3.1.24" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-x64" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.1.25" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.Owin.Security.Cookies" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "4.2.2" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 5.0.16" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.17" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.Owin" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "4.2.2" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 6.0.4" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-x64" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.5" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 3.1.24" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-x64" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.1.25" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 5.0.16" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.17" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 6.0.4" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-x64" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.5" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 3.1.24" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-x86" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.1.25" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 5.0.16" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-x86" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.17" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 6.0.4" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-x86" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.5" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 3.1.24" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.osx-x64" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.1.25" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 5.0.16" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.osx-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.17" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 6.0.4" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.osx-x64" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.5" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 3.1.24" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-x64" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.1.25" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 5.0.16" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.17" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 6.0.4" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-x64" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.5" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 3.1.24" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-arm64" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.1.25" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 5.0.16" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-arm64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.17" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 6.0.4" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-arm64" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.5" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 3.1.24" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-arm" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.1.25" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 5.0.16" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-arm" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.17" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 6.0.4" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-arm" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.5" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 3.1.24" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-arm64" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.1.25" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 5.0.16" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-arm64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.17" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 6.0.4" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-arm64" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.5" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 3.1.24" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-arm" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.1.25" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 5.0.16" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-arm" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.17" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 6.0.4" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.win-arm" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.5" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 3.1.24" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm64" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.1.25" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 5.0.16" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.17" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 6.0.4" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm64" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.5" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 3.1.24" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.1.25" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 5.0.16" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.17" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 6.0.4" }, "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.App.Runtime.osx-arm64" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.5" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2022-29117" ], "database_specific": { "cwe_ids": [ "CWE-400" ], "github_reviewed": true, "github_reviewed_at": "2022-08-30T19:32:29Z", "nvd_published_at": "2022-05-10T21:15:00Z", "severity": "HIGH" }, "details": "Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nA vulnerability exists in .NET 6.0, .NET 5.0 and .NET core 3.1 where a malicious client can manipulate cookies and cause a Denial of Service.\n\n### Affected software\n\n* Any .NET 6.0 application running on .NET 6.0.4 or earlier.\n* Any .NET 5.0 application running .NET 5.0.16 or earlier.\n* Any .NET Core 3.1 application running on .NET Core 3.1.24 or earlier.\n\n#### Affected packages\n\n**.NET Core 3.1**\n\n| Package name | Affected versions | Patched versions |\n|---------------------------------------------------|-------------------|------------------|\n| Microsoft.Owin.Security.Cookies | \u003c4.2.2 | 4.2.2 |\n| Microsoft.Owin.Security | \u003c4.2.2 | 4.2.2 |\n| Microsoft.AspNetCore.App.Runtime.win-x64 | \u003e=3.0.0,3.1.24 | 3.1.25 |\n| Microsoft.AspNetCore.App.Runtime.linux-x64 | \u003e=3.0.0,3.1.24 | 3.1.25 |\n| Microsoft.AspNetCore.App.Runtime.win-x86 | \u003e=3.0.0,3.1.24 | 3.1.25 |\n| Microsoft.AspNetCore.App.Runtime.osx-x64 | \u003e=3.0.0,3.1.24 | 3.1.25 |\n| Microsoft.AspNetCore.App.Runtime.linux-musl-x64 | \u003e=3.0.0,3.1.24 | 3.1.25 |\n| Microsoft.AspNetCore.App.Runtime.linux-arm64 | \u003e=3.0.0,3.1.24 | 3.1.25 |\n| Microsoft.AspNetCore.App.Runtime.linux-arm | \u003e=3.0.0,3.1.24 | 3.1.25 |\n| Microsoft.AspNetCore.App.Runtime.win-arm64 | \u003e=3.0.0,3.1.24 | 3.1.25 |\n| Microsoft.AspNetCore.App.Runtime.win-arm | \u003e=3.0.0,3.1.24 | 3.1.25 |\n| Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | \u003e=3.0.0,3.1.24 | 3.1.25 |\n| Microsoft.AspNetCore.App.Runtime.linux-musl-arm | \u003e=3.0.0,3.1.24 | 3.1.25 |\n\n**.NET 5.0**\n\n| Affected packages | Affected versions | Patched versions |\n|---------------------------------------------------|-------------------|------------------|\n| Microsoft.Owin.Security.Cookies | \u003c 4.2.2 | 4.2.2 |\n| Microsoft.AspNetCore.App.Runtime.win-x64 | \u003e=5.0.0,5.0.16 | 5.0.17 |\n| Microsoft.AspNetCore.App.Runtime.linux-x64 | \u003e=5.0.0,5.0.16 | 5.0.17 |\n| Microsoft.AspNetCore.App.Runtime.win-x86 | \u003e=5.0.0,5.0.16 | 5.0.17 |\n| Microsoft.AspNetCore.App.Runtime.osx-x64 | \u003e=5.0.0,5.0.16 | 5.0.17 |\n| Microsoft.AspNetCore.App.Runtime.linux-musl-x64 | \u003e=5.0.0,5.0.16 | 5.0.17 |\n| Microsoft.AspNetCore.App.Runtime.linux-arm64 | \u003e=5.0.0,5.0.16 | 5.0.17 |\n| Microsoft.AspNetCore.App.Runtime.linux-arm | \u003e=5.0.0,5.0.16 | 5.0.17 |\n| Microsoft.AspNetCore.App.Runtime.win-arm64 | \u003e=5.0.0,5.0.16 | 5.0.17 |\n| Microsoft.AspNetCore.App.Runtime.win-arm | \u003e=5.0.0,5.0.16 | 5.0.17 |\n| Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | \u003e=5.0.0,5.0.16 | 5.0.17 |\n| Microsoft.AspNetCore.App.Runtime.linux-musl-arm | \u003e=5.0.0,5.0.16 | 5.0.17 |\n\n**.NET 6.0**\n\n| Affected packages | Affected versions | Patched versions |\n|---------------------------------------------------|-------------------|------------------|\n| Microsoft.Owin.Security.Cookies | \u003c4.2.2 | 4.2.2 |\n| Microsoft.AspNetCore.App.Runtime.win-x64 | \u003e=6.0.0,6.0.4 | 6.0.5 |\n| Microsoft.AspNetCore.App.Runtime.linux-x64 | \u003e=6.0.0,6.0.4 | 6.0.5 |\n| Microsoft.AspNetCore.App.Runtime.win-x86 | \u003e=6.0.0,6.0.4 | 6.0.5 |\n| Microsoft.AspNetCore.App.Runtime.osx-x64 | \u003e=6.0.0,6.0.4 | 6.0.5 |\n| Microsoft.AspNetCore.App.Runtime.linux-musl-x64 | \u003e=6.0.0,6.0.4 | 6.0.5 |\n| Microsoft.AspNetCore.App.Runtime.linux-arm64 | \u003e=6.0.0,6.0.4 | 6.0.5 |\n| Microsoft.AspNetCore.App.Runtime.linux-arm | \u003e=6.0.0,6.0.4 | 6.0.5 |\n| Microsoft.AspNetCore.App.Runtime.win-arm64 | \u003e=6.0.0,6.0.4 | 6.0.5 |\n| Microsoft.AspNetCore.App.Runtime.win-arm | \u003e=6.0.0,6.0.4 | 6.0.5 |\n| Microsoft.AspNetCore.App.Runtime.osx-arm64 | \u003e=6.0.0,6.0.4 | 6.0.5 |\n| Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | \u003e=6.0.0,6.0.4 | 6.0.5 |\n| Microsoft.AspNetCore.App.Runtime.linux-musl-arm | \u003e=6.0.0,6.0.4 | 6.0.5 |\n\n\n### Patches\n\n* If you\u0027re using .NET Core 6.0, you should download and install Runtime 6.0.5 or SDK 6.0.105 (for Visual Studio 2022 v17.0) or SDK 6.0.203 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0.\n\n* If you\u0027re using .NET 5.0, you should download and install Runtime 5.0.17 or SDK 5.0.214 (for Visual Studio 2019 v16.9) or SDK 5.0.408 (for Visual Studio 2011 v16.11) from https://dotnet.microsoft.com/download/dotnet-core/5.0.\n\n* If you\u0027re using .NET Core 3.1, you should download and install Runtime 3.1.25 or SDK 3.1.419 (for Visual Studio 2019 v16.9 or Visual Studio 2011 16.11 or Visual Studio 2022 17.0 or Visual Studio 2022 17.1 ) from https://dotnet.microsoft.com/download/dotnet-core/3.1.\n\n.NET 6.0, .NET 5.0 and .NET Core 3.1 updates are also available from Microsoft Update. To access this either type \"Check for updates\" in your Windows search, or open Settings, choose Update \u0026 Security and then click Check for Updates.\n\n#### Other Details\n\n- Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/220\n- An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/41608\n- MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29117\n", "id": "GHSA-3rq8-h3gj-r5c6", "modified": "2022-08-31T20:09:21Z", "published": "2022-08-30T19:32:29Z", "references": [ { "type": "WEB", "url": "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29117" }, { "type": "PACKAGE", "url": "https://github.com/dotnet/aspnetcore" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY" }, { "type": "WEB", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": " .NET Denial of Service Vulnerability" }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.