cve-2018-0764

Vulnerability from cvelistv5

Published

2018-01-10 01:00

Modified

2024-09-17 02:16

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/102387	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1040152	Third Party Advisory, VDB Entry
secure@microsoft.com	https://access.redhat.com/errata/RHSA-2018:0379	Third Party Advisory
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764	Patch, Vendor Advisory

Impacted products

▼	Vendor	Product
	Microsoft Corporation	.NET Framework and .NET Core

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:49.330Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102387",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102387"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764"
          },
          {
            "name": "RHSA-2018:0379",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0379"
          },
          {
            "name": "1040152",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040152"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": ".NET Framework and .NET Core",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-01T10:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "102387",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102387"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764"
        },
        {
          "name": "RHSA-2018:0379",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0379"
        },
        {
          "name": "1040152",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040152"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "DATE_PUBLIC": "2018-01-09T00:00:00",
          "ID": "CVE-2018-0764",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": ".NET Framework and .NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102387",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102387"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764"
            },
            {
              "name": "RHSA-2018:0379",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0379"
            },
            {
              "name": "1040152",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040152"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-0764",
    "datePublished": "2018-01-10T01:00:00Z",
    "dateReserved": "2017-12-01T00:00:00",
    "dateUpdated": "2024-09-17T02:16:15.781Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-0764\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2018-01-10T01:29:00.197\",\"lastModified\":\"2021-08-12T17:19:05.447\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \\\".NET and .NET Core Denial Of Service Vulnerability\\\". This CVE is unique from CVE-2018-0765.\"},{\"lang\":\"es\",\"value\":\"Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 y 5.7 y.NET Core 1.0, 1.1 y 2.0 permiten una vulnerabilidad de denegaci\u00f3n de servicio (DoS) debido a la forma en la que se procesan los documentos XML. Esto tambi\u00e9n se conoce como \\\".NET and .NET Core Denial Of Service Vulnerability\\\". Este CVE es diferente de CVE-2018-0765.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EDF760A-C775-457E-8091-586E56545B07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87DCF0-0552-4815-8148-C9894397C5EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7302633B-E263-4F85-8A38-D5C18394F292\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D6A900C-6173-466A-B54D-683A12F53138\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"42A6DF09-B8E1-414D-97E7-453566055279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D400E856-2B2E-4CEA-8CA5-309FDF371CEA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"232581CC-130A-4C62-A7E9-2EC9A9364D53\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEE2E768-0F45-46E1-B6D7-087917109D98\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EDC4407-7E92-4E60-82F0-0C87D1860D3A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*\",\"matchCriteriaId\":\"B320A104-9037-487E-BC9A-62B4A6B49FD0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40B3A045-B08A-44E0-91BE-726753F6A362\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"280FE663-23BE-45D2-9B31-5F577E390B48\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF0B660D-1F30-4D45-B98B-726EDB8CB90F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"232581CC-130A-4C62-A7E9-2EC9A9364D53\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"734112B3-1383-4BE3-8721-C0F84566B764\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"280FE663-23BE-45D2-9B31-5F577E390B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF0B660D-1F30-4D45-B98B-726EDB8CB90F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"734112B3-1383-4BE3-8721-C0F84566B764\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEE2E768-0F45-46E1-B6D7-087917109D98\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"734112B3-1383-4BE3-8721-C0F84566B764\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B14968-3985-43C3-ACE5-8307196EFAE3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36B0E40A-84EF-4099-A395-75D6B8CDA196\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102387\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040152\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0379\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. This vulnerability CVE-2018-0765 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial of service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Title: Microsoft Security Update Releases Issued: January 25, 2018

Summary

The following CVEs have undergone a major revision increment:

CVE-2018-0764

Revision Information:

https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/CVE-2018-0764
Version: 3.0
Reason for Revision: Revised the Affected Products table to include PowerShell Core 6.0.0 because it is affected by CVE-2018-0764. See https://github.com/PowerShell/Announcements /issues/2 for more information.
Originally posted: January 9, 2018
Updated: January 25, 2018
Aggregate CVE Severity Rating: Important
CVE-2018-0786

Revision Information:

https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/CVE-2018-0786
Version: 3.0
Reason for Revision: Revised the Affected Products table to include PowerShell Core 6.0.0 because it is affected by CVE-2018-0786. See https://github.com/PowerShell/Announcements /issues/3 for more information.
Originally posted: January 9, 2018
Updated: January 25, 2018
Aggregate CVE Severity Rating: Important

Other Information

Recognize and avoid fraudulent email to Microsoft customers:

If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/dn753714.

THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Microsoft respects your privacy. Please read our online Privacy Statement at http://go.microsoft.com/fwlink/?LinkId=81184.

If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033.

These settings will not affect any newsletters youave requested or any mandatory service communications that are considered part of certain Microsoft services.

For legal Information, see: http://www.microsoft.com/info/legalinfo/default.mspx. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:0379-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0379 Issue date: 2018-03-01 CVE Names: CVE-2018-0764 =====================================================================

Summary:

An update for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and rh-dotnetcore11-dotnetcore is now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

It implements a subset of the .NET framework APIs and includes a CLR implementation.
Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet20-dotnet-2.0.5-1.el7.src.rpm

x86_64: rh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet20-dotnet-2.0.5-1.el7.src.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet20-dotnet-2.0.5-1.el7.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2018-0764 https://access.redhat.com/security/updates/classification/#moderate https://github.com/dotnet/announcements/issues/52

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFal5nzXlSAg2UNWIIRAldoAKCOs8K/QXdtegDgV9D0EbgK5f8dpgCfdT/D hhk5BDNc5IZlJ+doPAaUxt4= =Pz4Z -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201801-1150",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2.0 sp2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3.0 sp2"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.0.0"
      },
      {
        "model": "windows server r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20120"
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20120"
      },
      {
        "model": "windows server r2 for x64-based systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows server for itanium-based systems sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows server for 32-bit systems sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2016"
      },
      {
        "model": "windows rt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "8.1"
      },
      {
        "model": "windows for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "8.10"
      },
      {
        "model": "windows for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "8.10"
      },
      {
        "model": "windows for x64-based systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "model": "windows for 32-bit systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1017030"
      },
      {
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1017030"
      },
      {
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1016070"
      },
      {
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1016070"
      },
      {
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1015110"
      },
      {
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1015110"
      },
      {
        "model": "windows for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "100"
      },
      {
        "model": "windows for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "100"
      },
      {
        "model": ".net framework sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0764"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-407"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0764"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "102387"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0764",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-0764",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-0764",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-0764",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201801-407",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0764"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-407"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765. This vulnerability CVE-2018-0765 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial of service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n********************************************************************\nTitle: Microsoft Security Update Releases\nIssued: January 25, 2018\n********************************************************************\n\nSummary\n======= \n\nThe following CVEs have undergone a major revision increment:\n\n* CVE-2018-0764\n  \nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance/\n   advisory/CVE-2018-0764\n - Version: 3.0\n - Reason for Revision: Revised the Affected Products table to \n   include PowerShell Core 6.0.0 because it is affected by \n   CVE-2018-0764. See https://github.com/PowerShell/Announcements\n   /issues/2 for more information. \n - Originally posted: January 9, 2018 \n - Updated: January 25, 2018\n - Aggregate CVE Severity Rating: Important\n\n* CVE-2018-0786\n\nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance/\n   advisory/CVE-2018-0786\n - Version: 3.0\n - Reason for Revision: Revised the Affected Products table to\n   include PowerShell Core 6.0.0 because it is affected by \n   CVE-2018-0786. See https://github.com/PowerShell/Announcements\n   /issues/3 for more information. \n - Originally posted: January 9, 2018 \n - Updated: January 25, 2018\n - Aggregate CVE Severity Rating: Important\n\n\nOther Information\n=================\n\nRecognize and avoid fraudulent email to Microsoft customers:\n=============================================================\nIf you receive an email message that claims to be distributing \na Microsoft security update, it is a hoax that may contain \nmalware or pointers to malicious websites. Microsoft does \nnot distribute security updates via email. \n\nThe Microsoft Security Response Center (MSRC) uses PGP to digitally \nsign all security notifications. However, PGP is not required for \nreading security notifications, reading security bulletins, or \ninstalling security updates. You can obtain the MSRC public PGP key\nat \u003chttps://technet.microsoft.com/security/dn753714\u003e. \n\n********************************************************************\nTHE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS\nPROVIDED \"AS IS\" WITHOUT WARRANTY OF ANY KIND. MICROSOFT\nDISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING\nTHE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\nPURPOSE. \nIN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE\nLIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,\nINCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL\nDAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN\nADVISED OF THE POSSIBILITY OF SUCH DAMAGES. \nSOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY\nFOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING\nLIMITATION MAY NOT APPLY. \n********************************************************************\n\nMicrosoft respects your privacy. Please read our online Privacy\nStatement at \u003chttp://go.microsoft.com/fwlink/?LinkId=81184\u003e. \n\nIf you would prefer not to receive future technical security\nnotification alerts by email from Microsoft and its family of\ncompanies please visit the following website to unsubscribe:\n\u003chttps://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar\nd.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e\u0026%3blcid=1033\u003e. \n\nThese settings will not affect any newsletters youave requested or\nany mandatory service communications that are considered part of\ncertain Microsoft services. \n\nFor legal Information, see:\n\u003chttp://www.microsoft.com/info/legalinfo/default.mspx\u003e. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID:       RHSA-2018:0379-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2018:0379\nIssue date:        2018-03-01\nCVE Names:         CVE-2018-0764 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and\nrh-dotnetcore11-dotnetcore is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and includes a CLR implementation. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0764\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://github.com/dotnet/announcements/issues/52\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFal5nzXlSAg2UNWIIRAldoAKCOs8K/QXdtegDgV9D0EbgK5f8dpgCfdT/D\nhhk5BDNc5IZlJ+doPAaUxt4=\n=Pz4Z\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0764"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      },
      {
        "db": "BID",
        "id": "102387"
      },
      {
        "db": "PACKETSTORM",
        "id": "146116"
      },
      {
        "db": "PACKETSTORM",
        "id": "146617"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0764",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "102387",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1040152",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-407",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "146116",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "146617",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      },
      {
        "db": "PACKETSTORM",
        "id": "146116"
      },
      {
        "db": "PACKETSTORM",
        "id": "146617"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0764"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-407"
      }
    ]
  },
  "id": "VAR-201801-1150",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.21178882
  },
  "last_update_date": "2023-12-18T13:52:49.759000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-0764 | .NET and .NET Core Denial Of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0764"
      },
      {
        "title": "CVE-2018-0764 | .NET \u304a\u3088\u3073 .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2018-0764"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-19",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0764"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/102387"
      },
      {
        "trust": 1.9,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0764"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2018:0379"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1040152"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0764"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0764"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20180110-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180002.html"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/powershell/announcements/issues/2"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/net/"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/info/legalinfo/default.mspx\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://go.microsoft.com/fwlink/?linkid=81184\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://github.com/powershell/announcements"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/"
      },
      {
        "trust": 0.1,
        "url": "https://technet.microsoft.com/security/dn753714\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://profile.microsoft.com/regsysprofilecenter/subscriptionwizar"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/dotnet/announcements/issues/52"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-0764"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      },
      {
        "db": "PACKETSTORM",
        "id": "146116"
      },
      {
        "db": "PACKETSTORM",
        "id": "146617"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0764"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-407"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "102387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      },
      {
        "db": "PACKETSTORM",
        "id": "146116"
      },
      {
        "db": "PACKETSTORM",
        "id": "146617"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0764"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-407"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-09T00:00:00",
        "db": "BID",
        "id": "102387"
      },
      {
        "date": "2018-02-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      },
      {
        "date": "2018-01-26T13:13:13",
        "db": "PACKETSTORM",
        "id": "146116"
      },
      {
        "date": "2018-03-01T23:24:00",
        "db": "PACKETSTORM",
        "id": "146617"
      },
      {
        "date": "2018-01-10T01:29:00.197000",
        "db": "NVD",
        "id": "CVE-2018-0764"
      },
      {
        "date": "2018-01-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-407"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-29T08:00:00",
        "db": "BID",
        "id": "102387"
      },
      {
        "date": "2018-02-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      },
      {
        "date": "2021-08-12T17:19:05.447000",
        "db": "NVD",
        "id": "CVE-2018-0764"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-407"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-407"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft .NET Framework and  .NET Core Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001243"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-407"
      }
    ],
    "trust": 0.6
  }
}

gsd-2018-0764

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-0764

Aliases

CVE-2018-0764

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0764",
    "description": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765.",
    "id": "GSD-2018-0764",
    "references": [
      "https://access.redhat.com/errata/RHSA-2018:0379"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0764"
      ],
      "details": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765.",
      "id": "GSD-2018-0764",
      "modified": "2023-12-13T01:22:24.307459Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "DATE_PUBLIC": "2018-01-09T00:00:00",
        "ID": "CVE-2018-0764",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": ".NET Framework and .NET Core",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial of Service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "102387",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102387"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764"
          },
          {
            "name": "RHSA-2018:0379",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:0379"
          },
          {
            "name": "1040152",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040152"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,4.4.2)",
          "affected_versions": "All versions before 4.4.2",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2021-08-26",
          "description": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765.",
          "fixed_versions": [
            "4.4.2"
          ],
          "identifier": "CVE-2018-0764",
          "identifiers": [
            "GHSA-rr3c-f55v-qhv5",
            "CVE-2018-0764"
          ],
          "not_impacted": "All versions starting from 4.4.2",
          "package_slug": "nuget/System.Security.Cryptography.Xml",
          "pubdate": "2018-10-16",
          "solution": "Upgrade to version 4.4.2 or above.",
          "title": "Moderate severity vulnerability that affects System.Security.Cryptography.Xml",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-0764",
            "https://github.com/advisories/GHSA-rr3c-f55v-qhv5"
          ],
          "uuid": "f91e42ae-00ff-4df4-8787-1288ccc34982"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-0764"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764"
            },
            {
              "name": "1040152",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040152"
            },
            {
              "name": "102387",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102387"
            },
            {
              "name": "RHSA-2018:0379",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0379"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-08-12T17:19Z",
      "publishedDate": "2018-01-10T01:29Z"
    }
  }
}

rhsa-2018_0379

Vulnerability from csaf_redhat

Published

2018-03-01 07:51

Modified

2024-11-14 23:40

Summary

Red Hat Security Advisory: .NET Core on Red Hat Enterprise Linux security update

Notes

Topic

An update for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and rh-dotnetcore11-dotnetcore is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

.NET Core is a managed software framework. It implements a subset of the .NET framework APIs and includes a CLR implementation. New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.9, 1.1.6, and 2.0.5. Security Fix(es): * .NET Core: Improper processing of XML documents can cause a denial of service (CVE-2018-0764) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and rh-dotnetcore11-dotnetcore is now available for .NET Core on Red Hat Enterprise Linux.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": ".NET Core is a managed software framework. It implements a subset of the .NET framework APIs and includes a CLR implementation.\n\nNew versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.9, 1.1.6, and 2.0.5.\n\nSecurity Fix(es):\n\n* .NET Core: Improper processing of XML documents can cause a denial of service (CVE-2018-0764)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:0379",
        "url": "https://access.redhat.com/errata/RHSA-2018:0379"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://github.com/dotnet/announcements/issues/52",
        "url": "https://github.com/dotnet/announcements/issues/52"
      },
      {
        "category": "external",
        "summary": "1533730",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1533730"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0379.json"
      }
    ],
    "title": "Red Hat Security Advisory: .NET Core on Red Hat Enterprise Linux security update",
    "tracking": {
      "current_release_date": "2024-11-14T23:40:11+00:00",
      "generator": {
        "date": "2024-11-14T23:40:11+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2018:0379",
      "initial_release_date": "2018-03-01T07:51:11+00:00",
      "revision_history": [
        {
          "date": "2018-03-01T07:51:11+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-03-01T07:51:11+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T23:40:11+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
                "product": {
                  "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
                  "product_id": "7ComputeNode-dotNET-1.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_dotnet:1.0::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
                "product": {
                  "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
                  "product_id": "7Server-dotNET-1.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_dotnet:1.0::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
                "product": {
                  "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
                  "product_id": "7Workstation-dotNET-1.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_dotnet:1.0::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
                "product": {
                  "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
                  "product_id": "7ComputeNode-dotNET-1.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_dotnet:1.1::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
                "product": {
                  "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
                  "product_id": "7Server-dotNET-1.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_dotnet:1.1::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
                "product": {
                  "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
                  "product_id": "7Workstation-dotNET-1.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_dotnet:1.1::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
                "product": {
                  "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
                  "product_id": "7ComputeNode-dotNET-2.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_dotnet:2.0::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
                "product": {
                  "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
                  "product_id": "7Server-dotNET-2.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_dotnet:2.0::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
                "product": {
                  "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
                  "product_id": "7Workstation-dotNET-2.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_dotnet:2.0::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": ".NET Core on Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64",
                "product": {
                  "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64",
                  "product_id": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-dotnetcore10-dotnetcore@1.0.9-1.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64",
                "product": {
                  "name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64",
                  "product_id": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-dotnetcore10-dotnetcore-debuginfo@1.0.9-1.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64",
                "product": {
                  "name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64",
                  "product_id": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-dotnetcore11-dotnetcore-debuginfo@1.1.6-1.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64",
                "product": {
                  "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64",
                  "product_id": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-dotnetcore11-dotnetcore@1.1.6-1.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64",
                "product": {
                  "name": "rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64",
                  "product_id": "rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-dotnet20-dotnet-debuginfo@2.0.5-1.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64",
                "product": {
                  "name": "rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64",
                  "product_id": "rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-dotnet20-dotnet-sdk-2.1@2.1.4-1.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64",
                "product": {
                  "name": "rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64",
                  "product_id": "rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-dotnet20-dotnet-host@2.0.5-1.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64",
                "product": {
                  "name": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64",
                  "product_id": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-dotnet20-dotnet-runtime-2.0@2.0.5-1.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64",
                "product": {
                  "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64",
                  "product_id": "rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-dotnet20-dotnet@2.0.5-1.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src",
                "product": {
                  "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src",
                  "product_id": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-dotnetcore10-dotnetcore@1.0.9-1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src",
                "product": {
                  "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src",
                  "product_id": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-dotnetcore11-dotnetcore@1.1.6-1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.src",
                "product": {
                  "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.src",
                  "product_id": "rh-dotnet20-dotnet-0:2.0.5-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-dotnet20-dotnet@2.0.5-1.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src"
        },
        "product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src",
        "relates_to_product_reference": "7ComputeNode-dotNET-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64"
        },
        "product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64",
        "relates_to_product_reference": "7ComputeNode-dotNET-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64"
        },
        "product_reference": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64",
        "relates_to_product_reference": "7ComputeNode-dotNET-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src"
        },
        "product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src",
        "relates_to_product_reference": "7ComputeNode-dotNET-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64"
        },
        "product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64",
        "relates_to_product_reference": "7ComputeNode-dotNET-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64"
        },
        "product_reference": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64",
        "relates_to_product_reference": "7ComputeNode-dotNET-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src"
        },
        "product_reference": "rh-dotnet20-dotnet-0:2.0.5-1.el7.src",
        "relates_to_product_reference": "7ComputeNode-dotNET-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64"
        },
        "product_reference": "rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64",
        "relates_to_product_reference": "7ComputeNode-dotNET-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64"
        },
        "product_reference": "rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64",
        "relates_to_product_reference": "7ComputeNode-dotNET-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64"
        },
        "product_reference": "rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64",
        "relates_to_product_reference": "7ComputeNode-dotNET-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64"
        },
        "product_reference": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64",
        "relates_to_product_reference": "7ComputeNode-dotNET-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64"
        },
        "product_reference": "rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64",
        "relates_to_product_reference": "7ComputeNode-dotNET-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src"
        },
        "product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src",
        "relates_to_product_reference": "7Server-dotNET-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64"
        },
        "product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64",
        "relates_to_product_reference": "7Server-dotNET-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64"
        },
        "product_reference": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64",
        "relates_to_product_reference": "7Server-dotNET-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src"
        },
        "product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src",
        "relates_to_product_reference": "7Server-dotNET-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64"
        },
        "product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64",
        "relates_to_product_reference": "7Server-dotNET-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64"
        },
        "product_reference": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64",
        "relates_to_product_reference": "7Server-dotNET-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src"
        },
        "product_reference": "rh-dotnet20-dotnet-0:2.0.5-1.el7.src",
        "relates_to_product_reference": "7Server-dotNET-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64"
        },
        "product_reference": "rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64",
        "relates_to_product_reference": "7Server-dotNET-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64"
        },
        "product_reference": "rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64",
        "relates_to_product_reference": "7Server-dotNET-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64"
        },
        "product_reference": "rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64",
        "relates_to_product_reference": "7Server-dotNET-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64"
        },
        "product_reference": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64",
        "relates_to_product_reference": "7Server-dotNET-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64"
        },
        "product_reference": "rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64",
        "relates_to_product_reference": "7Server-dotNET-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src"
        },
        "product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src",
        "relates_to_product_reference": "7Workstation-dotNET-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64"
        },
        "product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64",
        "relates_to_product_reference": "7Workstation-dotNET-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64"
        },
        "product_reference": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64",
        "relates_to_product_reference": "7Workstation-dotNET-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src"
        },
        "product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src",
        "relates_to_product_reference": "7Workstation-dotNET-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64"
        },
        "product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64",
        "relates_to_product_reference": "7Workstation-dotNET-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64"
        },
        "product_reference": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64",
        "relates_to_product_reference": "7Workstation-dotNET-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src"
        },
        "product_reference": "rh-dotnet20-dotnet-0:2.0.5-1.el7.src",
        "relates_to_product_reference": "7Workstation-dotNET-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64"
        },
        "product_reference": "rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64",
        "relates_to_product_reference": "7Workstation-dotNET-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64"
        },
        "product_reference": "rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64",
        "relates_to_product_reference": "7Workstation-dotNET-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64"
        },
        "product_reference": "rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64",
        "relates_to_product_reference": "7Workstation-dotNET-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64"
        },
        "product_reference": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64",
        "relates_to_product_reference": "7Workstation-dotNET-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64"
        },
        "product_reference": "rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64",
        "relates_to_product_reference": "7Workstation-dotNET-2.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-0764",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2018-01-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1533730"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Core: Improper processing of XML documents can cause a denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src",
          "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64",
          "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64",
          "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src",
          "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64",
          "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64",
          "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src",
          "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64",
          "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64",
          "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64",
          "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64",
          "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64",
          "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src",
          "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64",
          "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64",
          "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src",
          "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64",
          "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64",
          "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src",
          "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64",
          "7Server-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64",
          "7Server-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64",
          "7Server-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64",
          "7Server-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64",
          "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src",
          "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64",
          "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64",
          "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src",
          "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64",
          "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64",
          "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src",
          "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64",
          "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64",
          "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64",
          "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64",
          "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-0764"
        },
        {
          "category": "external",
          "summary": "RHBZ#1533730",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1533730"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0764",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-0764"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0764",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0764"
        }
      ],
      "release_date": "2017-11-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-03-01T07:51:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src",
            "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64",
            "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64",
            "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src",
            "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64",
            "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64",
            "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src",
            "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64",
            "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64",
            "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64",
            "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64",
            "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64",
            "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src",
            "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64",
            "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64",
            "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src",
            "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64",
            "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64",
            "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src",
            "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64",
            "7Server-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64",
            "7Server-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64",
            "7Server-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64",
            "7Server-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64",
            "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src",
            "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64",
            "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64",
            "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src",
            "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64",
            "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64",
            "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src",
            "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64",
            "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64",
            "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64",
            "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64",
            "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0379"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src",
            "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64",
            "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64",
            "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src",
            "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64",
            "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64",
            "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src",
            "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64",
            "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64",
            "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64",
            "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64",
            "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64",
            "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src",
            "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64",
            "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64",
            "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src",
            "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64",
            "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64",
            "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src",
            "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64",
            "7Server-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64",
            "7Server-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64",
            "7Server-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64",
            "7Server-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64",
            "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src",
            "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64",
            "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64",
            "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src",
            "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64",
            "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64",
            "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src",
            "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64",
            "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64",
            "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64",
            "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64",
            "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Core: Improper processing of XML documents can cause a denial of service"
    }
  ]
}

ghsa-rr3c-f55v-qhv5

Vulnerability from github

Published

2018-10-16 17:34

Modified

2022-04-27 19:25

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.Security.Cryptography.Xml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-0764"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:55:37Z",
    "nvd_published_at": "2018-01-10T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765.",
  "id": "GHSA-rr3c-f55v-qhv5",
  "modified": "2022-04-27T19:25:26Z",
  "published": "2018-10-16T17:34:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0764"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0379"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-rr3c-f55v-qhv5"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102387"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040152"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2018-0764

Vulnerability from cvelistv5

var-201801-1150

Vulnerability from variot

Summary

Revision Information:

Revision Information:

Other Information

Recognize and avoid fraudulent email to Microsoft customers:

gsd-2018-0764

Vulnerability from gsd

rhsa-2018_0379

Vulnerability from csaf_redhat

ghsa-rr3c-f55v-qhv5

Vulnerability from github

Tags

Sightings

Nomenclature