Action not permitted
Modal body text goes here.
cve-2021-1721
Vulnerability from cvelistv5
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721 | Patch, Vendor Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:18:11.551Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "PowerShell Core 7.1", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "7.1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "PowerShell Core 7.0", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET Core 2.1", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "2.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET Core 3.1", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "3.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET 5.0", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "5.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "16.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.8", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "16.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.9.0", "versionType": "custom" } ] } ], "datePublic": "2021-02-09T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": ".NET Core and Visual Studio Denial of Service Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en-US", "type": "Impact" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-29T22:33:17.653Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721" } ], "title": ".NET Core and Visual Studio Denial of Service Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2021-1721", "datePublished": "2021-02-25T23:01:26", "dateReserved": "2020-12-02T00:00:00", "dateUpdated": "2024-08-03T16:18:11.551Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-1721\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2021-02-25T23:15:13.210\",\"lastModified\":\"2023-12-29T17:15:53.590\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\".NET Core and Visual Studio Denial of Service Vulnerability\"},{\"lang\":\"es\",\"value\":\"Una Vulnerabilidad de Denegaci\u00f3n de Servicio de .NET Core y Visual Studio\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndIncluding\":\"5.0.2\",\"matchCriteriaId\":\"8797E7EA-A66B-4B9C-AA2A-DAB08A8A16DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.1\",\"versionEndIncluding\":\"2.1.24\",\"matchCriteriaId\":\"7C5D87DA-378D-4457-986B-8A0796ED00EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1\",\"versionEndIncluding\":\"3.1.11\",\"matchCriteriaId\":\"1B672ED7-CB65-4D0E-AD4B-4508C4FA8C92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powershell_core:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A812D8D-C6DA-473E-A604-988BCDA26CDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powershell_core:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAFBD34E-F04C-4B1B-AFD4-0D926BC30609\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0\",\"versionEndIncluding\":\"15.9\",\"matchCriteriaId\":\"CE03B37D-72FE-4C25-BE62-9C422AEFC80E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndIncluding\":\"16.8\",\"matchCriteriaId\":\"FD824DE6-3564-4B7D-B45C-2EEE1F84C9D2\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}" } }
rhsa-2021_0473
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.103 and .NET Runtime 5.0.3.\n\nSecurity Fix(es):\n\n* dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0473", "url": "https://access.redhat.com/errata/RHSA-2021:0473" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1926918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926918" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0473.json" } ], "title": "Red Hat Security Advisory: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update", "tracking": { "current_release_date": "2024-11-15T09:39:10+00:00", "generator": { "date": "2024-11-15T09:39:10+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0473", "initial_release_date": "2021-02-10T17:01:19+00:00", "revision_history": [ { "date": "2021-02-10T17:01:19+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-02-10T17:01:19+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T09:39:10+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:5.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:5.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:5.0::el7" } } } ], "category": "product_family", "name": ".NET Core on Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "product_id": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-aspnetcore-runtime-5.0@5.0.3-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "product_id": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-aspnetcore-targeting-pack-5.0@5.0.3-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet@5.0.103-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-apphost-pack-5.0@5.0.3-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-host@5.0.3-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-hostfxr-5.0@5.0.3-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-runtime-5.0@5.0.3-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-sdk-5.0@5.0.103-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-targeting-pack-5.0@5.0.3-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-templates-5.0@5.0.103-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64", "product_id": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-netstandard-targeting-pack-2.1@5.0.103-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64", "product": { "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64", "product_id": "rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet-debuginfo@5.0.103-1.el7_9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src", "product": { "name": "rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src", "product_id": "rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet50-dotnet@5.0.103-1.el7_9?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64" }, "product_reference": "rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-5.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-1721", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2021-02-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1926918" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: certificate chain building recursion Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-1721" }, { "category": "external", "summary": "RHBZ#1926918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926918" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-1721", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1721" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1721" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/175", "url": "https://github.com/dotnet/announcements/issues/175" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1721", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1721" } ], "release_date": "2021-02-09T18:52:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-10T17:01:19+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0473" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64", "7ComputeNode-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src", "7Server-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64", "7Server-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-aspnetcore-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.src", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-0:5.0.103-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-apphost-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-debuginfo-0:5.0.103-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-host-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-hostfxr-5.0-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-runtime-5.0-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-sdk-5.0-0:5.0.103-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-targeting-pack-5.0-0:5.0.3-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-dotnet-templates-5.0-0:5.0.103-1.el7_9.x86_64", "7Workstation-dotNET-5.0:rh-dotnet50-netstandard-targeting-pack-2.1-0:5.0.103-1.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: certificate chain building recursion Denial of Service" } ] }
rhsa-2021_0476
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.103 and .NET Runtime 5.0.3.\n\nSecurity Fix(es):\n\n* dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0476", "url": "https://access.redhat.com/errata/RHSA-2021:0476" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1926918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926918" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0476.json" } ], "title": "Red Hat Security Advisory: dotnet5.0 security and bugfix update", "tracking": { "current_release_date": "2024-11-15T09:39:17+00:00", "generator": { "date": "2024-11-15T09:39:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0476", "initial_release_date": "2021-02-10T17:37:45+00:00", "revision_history": [ { "date": "2021-02-10T17:37:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-02-10T17:37:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T09:39:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "aspnetcore-runtime-5.0-0:5.0.3-1.el8_3.x86_64", "product": { "name": "aspnetcore-runtime-5.0-0:5.0.3-1.el8_3.x86_64", "product_id": "aspnetcore-runtime-5.0-0:5.0.3-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-runtime-5.0@5.0.3-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "aspnetcore-targeting-pack-5.0-0:5.0.3-1.el8_3.x86_64", "product": { "name": "aspnetcore-targeting-pack-5.0-0:5.0.3-1.el8_3.x86_64", "product_id": "aspnetcore-targeting-pack-5.0-0:5.0.3-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-5.0@5.0.3-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-0:5.0.103-1.el8_3.x86_64", "product": { "name": "dotnet-0:5.0.103-1.el8_3.x86_64", "product_id": "dotnet-0:5.0.103-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet@5.0.103-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-5.0-0:5.0.3-1.el8_3.x86_64", "product": { "name": "dotnet-apphost-pack-5.0-0:5.0.3-1.el8_3.x86_64", "product_id": "dotnet-apphost-pack-5.0-0:5.0.3-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-5.0@5.0.3-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-host-0:5.0.3-1.el8_3.x86_64", "product": { "name": "dotnet-host-0:5.0.3-1.el8_3.x86_64", "product_id": "dotnet-host-0:5.0.3-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host@5.0.3-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-5.0-0:5.0.3-1.el8_3.x86_64", "product": { "name": "dotnet-hostfxr-5.0-0:5.0.3-1.el8_3.x86_64", "product_id": "dotnet-hostfxr-5.0-0:5.0.3-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-5.0@5.0.3-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-5.0-0:5.0.3-1.el8_3.x86_64", "product": { "name": "dotnet-runtime-5.0-0:5.0.3-1.el8_3.x86_64", "product_id": "dotnet-runtime-5.0-0:5.0.3-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-5.0@5.0.3-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-5.0-0:5.0.103-1.el8_3.x86_64", "product": { "name": "dotnet-sdk-5.0-0:5.0.103-1.el8_3.x86_64", "product_id": "dotnet-sdk-5.0-0:5.0.103-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-5.0@5.0.103-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-targeting-pack-5.0-0:5.0.3-1.el8_3.x86_64", "product": { "name": "dotnet-targeting-pack-5.0-0:5.0.3-1.el8_3.x86_64", "product_id": "dotnet-targeting-pack-5.0-0:5.0.3-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-targeting-pack-5.0@5.0.3-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-templates-5.0-0:5.0.103-1.el8_3.x86_64", "product": { "name": "dotnet-templates-5.0-0:5.0.103-1.el8_3.x86_64", "product_id": "dotnet-templates-5.0-0:5.0.103-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-templates-5.0@5.0.103-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "netstandard-targeting-pack-2.1-0:5.0.103-1.el8_3.x86_64", "product": { "name": "netstandard-targeting-pack-2.1-0:5.0.103-1.el8_3.x86_64", "product_id": "netstandard-targeting-pack-2.1-0:5.0.103-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/netstandard-targeting-pack-2.1@5.0.103-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet5.0-debugsource-0:5.0.103-1.el8_3.x86_64", "product": { "name": "dotnet5.0-debugsource-0:5.0.103-1.el8_3.x86_64", "product_id": "dotnet5.0-debugsource-0:5.0.103-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet5.0-debugsource@5.0.103-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "product": { "name": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "product_id": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-5.0-debuginfo@5.0.3-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-host-debuginfo-0:5.0.3-1.el8_3.x86_64", "product": { "name": "dotnet-host-debuginfo-0:5.0.3-1.el8_3.x86_64", "product_id": "dotnet-host-debuginfo-0:5.0.3-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host-debuginfo@5.0.3-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "product": { "name": "dotnet-hostfxr-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "product_id": "dotnet-hostfxr-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-5.0-debuginfo@5.0.3-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "product": { "name": "dotnet-runtime-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "product_id": "dotnet-runtime-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-5.0-debuginfo@5.0.3-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-5.0-debuginfo-0:5.0.103-1.el8_3.x86_64", "product": { "name": "dotnet-sdk-5.0-debuginfo-0:5.0.103-1.el8_3.x86_64", "product_id": "dotnet-sdk-5.0-debuginfo-0:5.0.103-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-5.0-debuginfo@5.0.103-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet5.0-debuginfo-0:5.0.103-1.el8_3.x86_64", "product": { "name": "dotnet5.0-debuginfo-0:5.0.103-1.el8_3.x86_64", "product_id": "dotnet5.0-debuginfo-0:5.0.103-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet5.0-debuginfo@5.0.103-1.el8_3?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "dotnet5.0-0:5.0.103-1.el8_3.src", "product": { "name": "dotnet5.0-0:5.0.103-1.el8_3.src", "product_id": "dotnet5.0-0:5.0.103-1.el8_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet5.0@5.0.103-1.el8_3?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-5.0-0:5.0.3-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.3-1.el8_3.x86_64" }, "product_reference": "aspnetcore-runtime-5.0-0:5.0.3-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-5.0-0:5.0.3-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.3-1.el8_3.x86_64" }, "product_reference": "aspnetcore-targeting-pack-5.0-0:5.0.3-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-0:5.0.103-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-0:5.0.103-1.el8_3.x86_64" }, "product_reference": "dotnet-0:5.0.103-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-5.0-0:5.0.3-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.3-1.el8_3.x86_64" }, "product_reference": "dotnet-apphost-pack-5.0-0:5.0.3-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64" }, "product_reference": "dotnet-apphost-pack-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-0:5.0.3-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-host-0:5.0.3-1.el8_3.x86_64" }, "product_reference": "dotnet-host-0:5.0.3-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-debuginfo-0:5.0.3-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-host-debuginfo-0:5.0.3-1.el8_3.x86_64" }, "product_reference": "dotnet-host-debuginfo-0:5.0.3-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-5.0-0:5.0.3-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.3-1.el8_3.x86_64" }, "product_reference": "dotnet-hostfxr-5.0-0:5.0.3-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64" }, "product_reference": "dotnet-hostfxr-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-5.0-0:5.0.3-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.3-1.el8_3.x86_64" }, "product_reference": "dotnet-runtime-5.0-0:5.0.3-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64" }, "product_reference": "dotnet-runtime-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-5.0-0:5.0.103-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.103-1.el8_3.x86_64" }, "product_reference": "dotnet-sdk-5.0-0:5.0.103-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-5.0-debuginfo-0:5.0.103-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.103-1.el8_3.x86_64" }, "product_reference": "dotnet-sdk-5.0-debuginfo-0:5.0.103-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-5.0-0:5.0.3-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.3-1.el8_3.x86_64" }, "product_reference": "dotnet-targeting-pack-5.0-0:5.0.3-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-5.0-0:5.0.103-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-templates-5.0-0:5.0.103-1.el8_3.x86_64" }, "product_reference": "dotnet-templates-5.0-0:5.0.103-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet5.0-0:5.0.103-1.el8_3.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet5.0-0:5.0.103-1.el8_3.src" }, "product_reference": "dotnet5.0-0:5.0.103-1.el8_3.src", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet5.0-debuginfo-0:5.0.103-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.103-1.el8_3.x86_64" }, "product_reference": "dotnet5.0-debuginfo-0:5.0.103-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet5.0-debugsource-0:5.0.103-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.103-1.el8_3.x86_64" }, "product_reference": "dotnet5.0-debugsource-0:5.0.103-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "netstandard-targeting-pack-2.1-0:5.0.103-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:netstandard-targeting-pack-2.1-0:5.0.103-1.el8_3.x86_64" }, "product_reference": "netstandard-targeting-pack-2.1-0:5.0.103-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-1721", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2021-02-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1926918" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: certificate chain building recursion Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-0:5.0.103-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-host-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-host-debuginfo-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.103-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.103-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-templates-5.0-0:5.0.103-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet5.0-0:5.0.103-1.el8_3.src", "AppStream-8.3.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.103-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.103-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:netstandard-targeting-pack-2.1-0:5.0.103-1.el8_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-1721" }, { "category": "external", "summary": "RHBZ#1926918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926918" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-1721", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1721" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1721" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/175", "url": "https://github.com/dotnet/announcements/issues/175" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1721", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1721" } ], "release_date": "2021-02-09T18:52:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-10T17:37:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-0:5.0.103-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-host-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-host-debuginfo-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.103-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.103-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-templates-5.0-0:5.0.103-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet5.0-0:5.0.103-1.el8_3.src", "AppStream-8.3.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.103-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.103-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:netstandard-targeting-pack-2.1-0:5.0.103-1.el8_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0476" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.Z.MAIN:aspnetcore-runtime-5.0-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:aspnetcore-targeting-pack-5.0-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-0:5.0.103-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-5.0-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-host-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-host-debuginfo-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-5.0-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-5.0-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-5.0-debuginfo-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-5.0-0:5.0.103-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-5.0-debuginfo-0:5.0.103-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-targeting-pack-5.0-0:5.0.3-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-templates-5.0-0:5.0.103-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet5.0-0:5.0.103-1.el8_3.src", "AppStream-8.3.0.Z.MAIN:dotnet5.0-debuginfo-0:5.0.103-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet5.0-debugsource-0:5.0.103-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:netstandard-targeting-pack-2.1-0:5.0.103-1.el8_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: certificate chain building recursion Denial of Service" } ] }
rhsa-2021_0471
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET Core is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.112 and .NET Core Runtime 3.1.12.\n\nSecurity Fix(es):\n\n* dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0471", "url": "https://access.redhat.com/errata/RHSA-2021:0471" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1926918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926918" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0471.json" } ], "title": "Red Hat Security Advisory: dotnet3.1 security and bugfix update", "tracking": { "current_release_date": "2024-11-15T09:38:40+00:00", "generator": { "date": "2024-11-15T09:38:40+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0471", "initial_release_date": "2021-02-10T16:39:44+00:00", "revision_history": [ { "date": "2021-02-10T16:39:44+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-02-10T16:39:44+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T09:38:40+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "aspnetcore-runtime-3.1-0:3.1.12-1.el8_3.x86_64", "product": { "name": "aspnetcore-runtime-3.1-0:3.1.12-1.el8_3.x86_64", "product_id": "aspnetcore-runtime-3.1-0:3.1.12-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-runtime-3.1@3.1.12-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "aspnetcore-targeting-pack-3.1-0:3.1.12-1.el8_3.x86_64", "product": { "name": "aspnetcore-targeting-pack-3.1-0:3.1.12-1.el8_3.x86_64", "product_id": "aspnetcore-targeting-pack-3.1-0:3.1.12-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/aspnetcore-targeting-pack-3.1@3.1.12-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-3.1-0:3.1.12-1.el8_3.x86_64", "product": { "name": "dotnet-apphost-pack-3.1-0:3.1.12-1.el8_3.x86_64", "product_id": "dotnet-apphost-pack-3.1-0:3.1.12-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-3.1@3.1.12-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-3.1-0:3.1.12-1.el8_3.x86_64", "product": { "name": "dotnet-hostfxr-3.1-0:3.1.12-1.el8_3.x86_64", "product_id": "dotnet-hostfxr-3.1-0:3.1.12-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-3.1@3.1.12-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-3.1-0:3.1.12-1.el8_3.x86_64", "product": { "name": "dotnet-runtime-3.1-0:3.1.12-1.el8_3.x86_64", "product_id": "dotnet-runtime-3.1-0:3.1.12-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-3.1@3.1.12-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-3.1-0:3.1.112-1.el8_3.x86_64", "product": { "name": "dotnet-sdk-3.1-0:3.1.112-1.el8_3.x86_64", "product_id": "dotnet-sdk-3.1-0:3.1.112-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-3.1@3.1.112-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-targeting-pack-3.1-0:3.1.12-1.el8_3.x86_64", "product": { "name": "dotnet-targeting-pack-3.1-0:3.1.12-1.el8_3.x86_64", "product_id": "dotnet-targeting-pack-3.1-0:3.1.12-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-targeting-pack-3.1@3.1.12-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-templates-3.1-0:3.1.112-1.el8_3.x86_64", "product": { "name": "dotnet-templates-3.1-0:3.1.112-1.el8_3.x86_64", "product_id": "dotnet-templates-3.1-0:3.1.112-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-templates-3.1@3.1.112-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet3.1-debugsource-0:3.1.112-1.el8_3.x86_64", "product": { "name": "dotnet3.1-debugsource-0:3.1.112-1.el8_3.x86_64", "product_id": "dotnet3.1-debugsource-0:3.1.112-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet3.1-debugsource@3.1.112-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "product": { "name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "product_id": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-apphost-pack-3.1-debuginfo@3.1.12-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "product": { "name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "product_id": "dotnet-hostfxr-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-hostfxr-3.1-debuginfo@3.1.12-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "product": { "name": "dotnet-runtime-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "product_id": "dotnet-runtime-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-3.1-debuginfo@3.1.12-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-3.1-debuginfo-0:3.1.112-1.el8_3.x86_64", "product": { "name": "dotnet-sdk-3.1-debuginfo-0:3.1.112-1.el8_3.x86_64", "product_id": "dotnet-sdk-3.1-debuginfo-0:3.1.112-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-3.1-debuginfo@3.1.112-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet3.1-debuginfo-0:3.1.112-1.el8_3.x86_64", "product": { "name": "dotnet3.1-debuginfo-0:3.1.112-1.el8_3.x86_64", "product_id": "dotnet3.1-debuginfo-0:3.1.112-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet3.1-debuginfo@3.1.112-1.el8_3?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "dotnet3.1-0:3.1.112-1.el8_3.src", "product": { "name": "dotnet3.1-0:3.1.112-1.el8_3.src", "product_id": "dotnet3.1-0:3.1.112-1.el8_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet3.1@3.1.112-1.el8_3?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-runtime-3.1-0:3.1.12-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.12-1.el8_3.x86_64" }, "product_reference": "aspnetcore-runtime-3.1-0:3.1.12-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "aspnetcore-targeting-pack-3.1-0:3.1.12-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.12-1.el8_3.x86_64" }, "product_reference": "aspnetcore-targeting-pack-3.1-0:3.1.12-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-3.1-0:3.1.12-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.12-1.el8_3.x86_64" }, "product_reference": "dotnet-apphost-pack-3.1-0:3.1.12-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64" }, "product_reference": "dotnet-apphost-pack-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-3.1-0:3.1.12-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.12-1.el8_3.x86_64" }, "product_reference": "dotnet-hostfxr-3.1-0:3.1.12-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-hostfxr-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64" }, "product_reference": "dotnet-hostfxr-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-3.1-0:3.1.12-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.12-1.el8_3.x86_64" }, "product_reference": "dotnet-runtime-3.1-0:3.1.12-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64" }, "product_reference": "dotnet-runtime-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-3.1-0:3.1.112-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.112-1.el8_3.x86_64" }, "product_reference": "dotnet-sdk-3.1-0:3.1.112-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-3.1-debuginfo-0:3.1.112-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.112-1.el8_3.x86_64" }, "product_reference": "dotnet-sdk-3.1-debuginfo-0:3.1.112-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-targeting-pack-3.1-0:3.1.12-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.12-1.el8_3.x86_64" }, "product_reference": "dotnet-targeting-pack-3.1-0:3.1.12-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-templates-3.1-0:3.1.112-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-templates-3.1-0:3.1.112-1.el8_3.x86_64" }, "product_reference": "dotnet-templates-3.1-0:3.1.112-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet3.1-0:3.1.112-1.el8_3.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet3.1-0:3.1.112-1.el8_3.src" }, "product_reference": "dotnet3.1-0:3.1.112-1.el8_3.src", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet3.1-debuginfo-0:3.1.112-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.112-1.el8_3.x86_64" }, "product_reference": "dotnet3.1-debuginfo-0:3.1.112-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet3.1-debugsource-0:3.1.112-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.112-1.el8_3.x86_64" }, "product_reference": "dotnet3.1-debugsource-0:3.1.112-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-1721", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2021-02-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1926918" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: certificate chain building recursion Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.112-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.112-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-templates-3.1-0:3.1.112-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet3.1-0:3.1.112-1.el8_3.src", "AppStream-8.3.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.112-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.112-1.el8_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-1721" }, { "category": "external", "summary": "RHBZ#1926918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926918" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-1721", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1721" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1721" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/175", "url": "https://github.com/dotnet/announcements/issues/175" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1721", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1721" } ], "release_date": "2021-02-09T18:52:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-10T16:39:44+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.112-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.112-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-templates-3.1-0:3.1.112-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet3.1-0:3.1.112-1.el8_3.src", "AppStream-8.3.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.112-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.112-1.el8_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0471" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.Z.MAIN:aspnetcore-runtime-3.1-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:aspnetcore-targeting-pack-3.1-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-3.1-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-apphost-pack-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-3.1-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-hostfxr-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-3.1-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-3.1-debuginfo-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-3.1-0:3.1.112-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-3.1-debuginfo-0:3.1.112-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-targeting-pack-3.1-0:3.1.12-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-templates-3.1-0:3.1.112-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet3.1-0:3.1.112-1.el8_3.src", "AppStream-8.3.0.Z.MAIN:dotnet3.1-debuginfo-0:3.1.112-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet3.1-debugsource-0:3.1.112-1.el8_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: certificate chain building recursion Denial of Service" } ] }
rhsa-2021_0474
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for .NET Core 2.1 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET Core is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 2.1.521 and .NET Core Runtime 2.1.25.\n\nSecurity Fix(es):\n\n* dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0474", "url": "https://access.redhat.com/errata/RHSA-2021:0474" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1926918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926918" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0474.json" } ], "title": "Red Hat Security Advisory: dotnet security and bugfix update", "tracking": { "current_release_date": "2024-11-15T09:39:03+00:00", "generator": { "date": "2024-11-15T09:39:03+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0474", "initial_release_date": "2021-02-10T17:31:17+00:00", "revision_history": [ { "date": "2021-02-10T17:31:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-02-10T17:31:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T09:39:03+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "dotnet-0:2.1.521-1.el8_3.src", "product": { "name": "dotnet-0:2.1.521-1.el8_3.src", "product_id": "dotnet-0:2.1.521-1.el8_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet@2.1.521-1.el8_3?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "dotnet-host-fxr-2.1-0:2.1.25-1.el8_3.x86_64", "product": { "name": "dotnet-host-fxr-2.1-0:2.1.25-1.el8_3.x86_64", "product_id": "dotnet-host-fxr-2.1-0:2.1.25-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host-fxr-2.1@2.1.25-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-2.1-0:2.1.25-1.el8_3.x86_64", "product": { "name": "dotnet-runtime-2.1-0:2.1.25-1.el8_3.x86_64", "product_id": "dotnet-runtime-2.1-0:2.1.25-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-2.1@2.1.25-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-2.1-0:2.1.521-1.el8_3.x86_64", "product": { "name": "dotnet-sdk-2.1-0:2.1.521-1.el8_3.x86_64", "product_id": "dotnet-sdk-2.1-0:2.1.521-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-2.1@2.1.521-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-2.1.5xx-0:2.1.521-1.el8_3.x86_64", "product": { "name": "dotnet-sdk-2.1.5xx-0:2.1.521-1.el8_3.x86_64", "product_id": "dotnet-sdk-2.1.5xx-0:2.1.521-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-2.1.5xx@2.1.521-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-debugsource-0:2.1.521-1.el8_3.x86_64", "product": { "name": "dotnet-debugsource-0:2.1.521-1.el8_3.x86_64", "product_id": "dotnet-debugsource-0:2.1.521-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-debugsource@2.1.521-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-debuginfo-0:2.1.521-1.el8_3.x86_64", "product": { "name": "dotnet-debuginfo-0:2.1.521-1.el8_3.x86_64", "product_id": "dotnet-debuginfo-0:2.1.521-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-debuginfo@2.1.521-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-host-fxr-2.1-debuginfo-0:2.1.25-1.el8_3.x86_64", "product": { "name": "dotnet-host-fxr-2.1-debuginfo-0:2.1.25-1.el8_3.x86_64", "product_id": "dotnet-host-fxr-2.1-debuginfo-0:2.1.25-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-host-fxr-2.1-debuginfo@2.1.25-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-runtime-2.1-debuginfo-0:2.1.25-1.el8_3.x86_64", "product": { "name": "dotnet-runtime-2.1-debuginfo-0:2.1.25-1.el8_3.x86_64", "product_id": "dotnet-runtime-2.1-debuginfo-0:2.1.25-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-runtime-2.1-debuginfo@2.1.25-1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "dotnet-sdk-2.1.5xx-debuginfo-0:2.1.521-1.el8_3.x86_64", "product": { "name": "dotnet-sdk-2.1.5xx-debuginfo-0:2.1.521-1.el8_3.x86_64", "product_id": "dotnet-sdk-2.1.5xx-debuginfo-0:2.1.521-1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dotnet-sdk-2.1.5xx-debuginfo@2.1.521-1.el8_3?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "dotnet-0:2.1.521-1.el8_3.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-0:2.1.521-1.el8_3.src" }, "product_reference": "dotnet-0:2.1.521-1.el8_3.src", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-debuginfo-0:2.1.521-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-debuginfo-0:2.1.521-1.el8_3.x86_64" }, "product_reference": "dotnet-debuginfo-0:2.1.521-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-debugsource-0:2.1.521-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-debugsource-0:2.1.521-1.el8_3.x86_64" }, "product_reference": "dotnet-debugsource-0:2.1.521-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-fxr-2.1-0:2.1.25-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-host-fxr-2.1-0:2.1.25-1.el8_3.x86_64" }, "product_reference": "dotnet-host-fxr-2.1-0:2.1.25-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-host-fxr-2.1-debuginfo-0:2.1.25-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-host-fxr-2.1-debuginfo-0:2.1.25-1.el8_3.x86_64" }, "product_reference": "dotnet-host-fxr-2.1-debuginfo-0:2.1.25-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-2.1-0:2.1.25-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-runtime-2.1-0:2.1.25-1.el8_3.x86_64" }, "product_reference": "dotnet-runtime-2.1-0:2.1.25-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-runtime-2.1-debuginfo-0:2.1.25-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-runtime-2.1-debuginfo-0:2.1.25-1.el8_3.x86_64" }, "product_reference": "dotnet-runtime-2.1-debuginfo-0:2.1.25-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-2.1-0:2.1.521-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-sdk-2.1-0:2.1.521-1.el8_3.x86_64" }, "product_reference": "dotnet-sdk-2.1-0:2.1.521-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-2.1.5xx-0:2.1.521-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-sdk-2.1.5xx-0:2.1.521-1.el8_3.x86_64" }, "product_reference": "dotnet-sdk-2.1.5xx-0:2.1.521-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "dotnet-sdk-2.1.5xx-debuginfo-0:2.1.521-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.3.0.Z.MAIN:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.521-1.el8_3.x86_64" }, "product_reference": "dotnet-sdk-2.1.5xx-debuginfo-0:2.1.521-1.el8_3.x86_64", "relates_to_product_reference": "AppStream-8.3.0.Z.MAIN" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-1721", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2021-02-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1926918" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: certificate chain building recursion Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.3.0.Z.MAIN:dotnet-0:2.1.521-1.el8_3.src", "AppStream-8.3.0.Z.MAIN:dotnet-debuginfo-0:2.1.521-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-debugsource-0:2.1.521-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-host-fxr-2.1-0:2.1.25-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-host-fxr-2.1-debuginfo-0:2.1.25-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-2.1-0:2.1.25-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-2.1-debuginfo-0:2.1.25-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-2.1-0:2.1.521-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-2.1.5xx-0:2.1.521-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.521-1.el8_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-1721" }, { "category": "external", "summary": "RHBZ#1926918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926918" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-1721", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1721" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1721" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/175", "url": "https://github.com/dotnet/announcements/issues/175" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1721", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1721" } ], "release_date": "2021-02-09T18:52:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-10T17:31:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.3.0.Z.MAIN:dotnet-0:2.1.521-1.el8_3.src", "AppStream-8.3.0.Z.MAIN:dotnet-debuginfo-0:2.1.521-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-debugsource-0:2.1.521-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-host-fxr-2.1-0:2.1.25-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-host-fxr-2.1-debuginfo-0:2.1.25-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-2.1-0:2.1.25-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-2.1-debuginfo-0:2.1.25-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-2.1-0:2.1.521-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-2.1.5xx-0:2.1.521-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.521-1.el8_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0474" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.3.0.Z.MAIN:dotnet-0:2.1.521-1.el8_3.src", "AppStream-8.3.0.Z.MAIN:dotnet-debuginfo-0:2.1.521-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-debugsource-0:2.1.521-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-host-fxr-2.1-0:2.1.25-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-host-fxr-2.1-debuginfo-0:2.1.25-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-2.1-0:2.1.25-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-runtime-2.1-debuginfo-0:2.1.25-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-2.1-0:2.1.521-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-2.1.5xx-0:2.1.521-1.el8_3.x86_64", "AppStream-8.3.0.Z.MAIN:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.521-1.el8_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: certificate chain building recursion Denial of Service" } ] }
rhsa-2021_0470
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 2.1.521 and .NET Core Runtime 2.1.25.\n\nSecurity Fix(es):\n\n* dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0470", "url": "https://access.redhat.com/errata/RHSA-2021:0470" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1926918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926918" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0470.json" } ], "title": "Red Hat Security Advisory: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update", "tracking": { "current_release_date": "2024-11-15T09:38:47+00:00", "generator": { "date": "2024-11-15T09:38:47+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0470", "initial_release_date": "2021-02-10T17:01:10+00:00", "revision_history": [ { "date": "2021-02-10T17:01:10+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-02-10T17:01:10+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T09:38:47+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:2.1::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:2.1::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:2.1::el7" } } } ], "category": "product_family", "name": ".NET Core on Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet21-0:2.1-24.el7_9.src", "product": { "name": "rh-dotnet21-0:2.1-24.el7_9.src", "product_id": "rh-dotnet21-0:2.1-24.el7_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet21@2.1-24.el7_9?arch=src" } } }, { "category": "product_version", "name": "rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src", "product": { "name": "rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src", "product_id": "rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet21-dotnet@2.1.521-1.el7_9?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet21-0:2.1-24.el7_9.x86_64", "product": { "name": "rh-dotnet21-0:2.1-24.el7_9.x86_64", "product_id": "rh-dotnet21-0:2.1-24.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet21@2.1-24.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64", "product": { "name": "rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64", "product_id": "rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet21-runtime@2.1-24.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64", "product": { "name": "rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64", "product_id": "rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet21-dotnet@2.1.521-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64", "product": { "name": "rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64", "product_id": "rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-host@2.1.25-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64", "product": { "name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64", "product_id": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-runtime-2.1@2.1.25-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64", "product": { "name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64", "product_id": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-sdk-2.1@2.1.521-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64", "product": { "name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64", "product_id": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-sdk-2.1.5xx@2.1.521-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64", "product": { "name": "rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64", "product_id": "rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-debuginfo@2.1.521-1.el7_9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-0:2.1-24.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.src" }, "product_reference": "rh-dotnet21-0:2.1-24.el7_9.src", "relates_to_product_reference": "7ComputeNode-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-0:2.1-24.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.x86_64" }, "product_reference": "rh-dotnet21-0:2.1-24.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src" }, "product_reference": "rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src", "relates_to_product_reference": "7ComputeNode-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64" }, "product_reference": "rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64" }, "product_reference": "rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64" }, "product_reference": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64" }, "product_reference": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64" }, "product_reference": "rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-0:2.1-24.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.src" }, "product_reference": "rh-dotnet21-0:2.1-24.el7_9.src", "relates_to_product_reference": "7Server-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-0:2.1-24.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.x86_64" }, "product_reference": "rh-dotnet21-0:2.1-24.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src" }, "product_reference": "rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src", "relates_to_product_reference": "7Server-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64" }, "product_reference": "rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64" }, "product_reference": "rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64" }, "product_reference": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64" }, "product_reference": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.1:rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64" }, "product_reference": "rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-0:2.1-24.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.src" }, "product_reference": "rh-dotnet21-0:2.1-24.el7_9.src", "relates_to_product_reference": "7Workstation-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-0:2.1-24.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.x86_64" }, "product_reference": "rh-dotnet21-0:2.1-24.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src" }, "product_reference": "rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src", "relates_to_product_reference": "7Workstation-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64" }, "product_reference": "rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64" }, "product_reference": "rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64" }, "product_reference": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64" }, "product_reference": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64" }, "product_reference": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.1:rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64" }, "product_reference": "rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-2.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-1721", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2021-02-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1926918" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: certificate chain building recursion Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.src", "7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.src", "7Server-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src", "7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.src", "7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-1721" }, { "category": "external", "summary": "RHBZ#1926918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926918" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-1721", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1721" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1721" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/175", "url": "https://github.com/dotnet/announcements/issues/175" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1721", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1721" } ], "release_date": "2021-02-09T18:52:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-10T17:01:10+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.src", "7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.src", "7Server-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src", "7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.src", "7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0470" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.src", "7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64", "7ComputeNode-dotNET-2.1:rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.src", "7Server-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src", "7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64", "7Server-dotNET-2.1:rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.src", "7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-24.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.src", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.521-1.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.521-1.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.25-1.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.25-1.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.521-1.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.521-1.el7_9.x86_64", "7Workstation-dotNET-2.1:rh-dotnet21-runtime-0:2.1-24.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: certificate chain building recursion Denial of Service" } ] }
rhsa-2021_0472
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET Core is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.112 and .NET Core Runtime 3.1.12.\n\nSecurity Fix(es):\n\n* dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0472", "url": "https://access.redhat.com/errata/RHSA-2021:0472" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1926918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926918" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0472.json" } ], "title": "Red Hat Security Advisory: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update", "tracking": { "current_release_date": "2024-11-15T09:38:54+00:00", "generator": { "date": "2024-11-15T09:38:54+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:0472", "initial_release_date": "2021-02-10T17:01:20+00:00", "revision_history": [ { "date": "2021-02-10T17:01:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-02-10T17:01:20+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T09:38:54+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7" } } } ], "category": "product_family", "name": ".NET Core on Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "product_id": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-aspnetcore-runtime-3.1@3.1.12-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "product_id": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-aspnetcore-targeting-pack-3.1@3.1.12-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.112-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-apphost-pack-3.1@3.1.12-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-host@3.1.12-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-hostfxr-3.1@3.1.12-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-runtime-3.1@3.1.12-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-sdk-3.1@3.1.112-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-targeting-pack-3.1@3.1.12-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-templates-3.1@3.1.112-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64", "product_id": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-netstandard-targeting-pack-2.1@3.1.112-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64", "product": { "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64", "product_id": "rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet-debuginfo@3.1.112-1.el7_9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src", "product": { "name": "rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src", "product_id": "rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet31-dotnet@3.1.112-1.el7_9?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64" }, "product_reference": "rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-3.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-1721", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2021-02-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1926918" } ], "notes": [ { "category": "description", "text": "A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: certificate chain building recursion Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-1721" }, { "category": "external", "summary": "RHBZ#1926918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926918" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-1721", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1721" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1721" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/175", "url": "https://github.com/dotnet/announcements/issues/175" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1721", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1721" } ], "release_date": "2021-02-09T18:52:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-10T17:01:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0472" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64", "7ComputeNode-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src", "7Server-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64", "7Server-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.src", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-0:3.1.112-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-debuginfo-0:3.1.112-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-host-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-runtime-3.1-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-sdk-3.1-0:3.1.112-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.12-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-dotnet-templates-3.1-0:3.1.112-1.el7_9.x86_64", "7Workstation-dotNET-3.1:rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.112-1.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: certificate chain building recursion Denial of Service" } ] }
gsd-2021-1721
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2021-1721", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "id": "GSD-2021-1721", "references": [ "https://access.redhat.com/errata/RHSA-2021:0476", "https://access.redhat.com/errata/RHSA-2021:0474", "https://access.redhat.com/errata/RHSA-2021:0473", "https://access.redhat.com/errata/RHSA-2021:0472", "https://access.redhat.com/errata/RHSA-2021:0471", "https://access.redhat.com/errata/RHSA-2021:0470", "https://security.archlinux.org/CVE-2021-1721", "https://linux.oracle.com/cve/CVE-2021-1721.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-1721" ], "details": ".NET Core and Visual Studio Denial of Service Vulnerability", "id": "GSD-2021-1721", "modified": "2023-12-13T01:23:23.619889Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2021-1721", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "16.0.0", "version_value": "publication" } ] } }, { "product_name": "PowerShell Core 7.1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "7.1.0", "version_value": "publication" } ] } }, { "product_name": "PowerShell Core 7.0", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "7.0.0", "version_value": "publication" } ] } }, { "product_name": ".NET Core 2.1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "2.1", "version_value": "publication" } ] } }, { "product_name": ".NET Core 3.1", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "3.1", "version_value": "publication" } ] } }, { "product_name": ".NET 5.0", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.0.0", "version_value": "publication" } ] } }, { "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "16.0", "version_value": "publication" } ] } }, { "product_name": "Microsoft Visual Studio 2019 version 16.8", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "16.0", "version_value": "publication" } ] } }, { "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "15.9.0", "version_value": "publication" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": ".NET Core and Visual Studio Denial of Service Vulnerability" } ] }, "impact": { "cvss": [ { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "[3.1.0,3.1.12)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12", "package_slug": "nuget/Microsoft.NETCore.App.Host.linux-arm", "pubdate": "2022-05-24", "solution": "Upgrade to version 3.1.12 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "84e235e5-06b4-4851-8e91-90eae505d362" }, { "affected_range": "[3.1.0,3.1.12)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12", "package_slug": "nuget/Microsoft.NETCore.App.Host.linux-arm64", "pubdate": "2022-05-24", "solution": "Upgrade to version 3.1.12 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "a41c96c3-bb1c-4fba-9067-399ea343f7b7" }, { "affected_range": "[3.1.0,3.1.12)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12", "package_slug": "nuget/Microsoft.NETCore.App.Host.linux-musl-arm64", "pubdate": "2022-05-24", "solution": "Upgrade to version 3.1.12 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "a77751c0-f741-4123-8fba-37967273b74a" }, { "affected_range": "[3.1.0,3.1.12)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12", "package_slug": "nuget/Microsoft.NETCore.App.Host.linux-musl-x64", "pubdate": "2022-05-24", "solution": "Upgrade to version 3.1.12 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "7990a549-52bd-4e9d-a3ba-dcff33cef33c" }, { "affected_range": "[3.1.0,3.1.12)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12", "package_slug": "nuget/Microsoft.NETCore.App.Host.linux-x64", "pubdate": "2022-05-24", "solution": "Upgrade to version 3.1.12 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "9160c0e0-d0e6-481d-8521-dea61e87868d" }, { "affected_range": "[3.1.0,3.1.12)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12", "package_slug": "nuget/Microsoft.NETCore.App.Host.osx-x64", "pubdate": "2022-05-24", "solution": "Upgrade to version 3.1.12 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "9643cbe7-c055-4699-86a8-09cf1bb32418" }, { "affected_range": "[3.1.0,3.1.12)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12", "package_slug": "nuget/Microsoft.NETCore.App.Host.rhel.6-x64", "pubdate": "2022-05-24", "solution": "Upgrade to version 3.1.12 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "e66a5c5c-9747-455d-863b-3077add8a429" }, { "affected_range": "[3.1.0,3.1.12)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12", "package_slug": "nuget/Microsoft.NETCore.App.Host.win-arm", "pubdate": "2022-05-24", "solution": "Upgrade to version 3.1.12 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "a150ae6d-f629-45d8-b2ba-e03423e5ec17" }, { "affected_range": "[3.1.0,3.1.12)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12", "package_slug": "nuget/Microsoft.NETCore.App.Host.win-arm64", "pubdate": "2022-05-24", "solution": "Upgrade to version 3.1.12 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "be9569b7-8917-4c39-ae82-dd55209c0d28" }, { "affected_range": "[3.1.0,3.1.12)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12", "package_slug": "nuget/Microsoft.NETCore.App.Host.win-x64", "pubdate": "2022-05-24", "solution": "Upgrade to version 3.1.12 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "c8e76cb0-922f-4e3c-bcd3-db410d80e8f1" }, { "affected_range": "[3.1.0,3.1.12)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12", "package_slug": "nuget/Microsoft.NETCore.App.Host.win-x86", "pubdate": "2022-05-24", "solution": "Upgrade to version 3.1.12 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "07809ea5-408b-4d55-8ec7-a295d97f95ed" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "e9869152-18ac-478d-99d5-a5ca188a9fc6" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "534049e1-91c8-42f9-836f-32a1fa08b33d" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "e857387f-9718-40d9-95dd-00eb673fb509" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "59b1bfd4-c852-41aa-952d-b922c01ec15c" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "d80cbd36-23fe-4a63-995f-563b788fc16d" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "51a6fee9-8bb8-4296-bf40-671cd12c3f3b" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-arm", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "7bf6a45d-cb7d-4676-99bb-3c36c0d2b9df" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-arm64", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "8a2771ce-ee8a-4409-8be4-94b8ab89ed00" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "604becac-289d-4f3c-a938-154a6b14e516" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-x64", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "09de5cc0-5c33-46c2-bd2c-0c9cbf6b434a" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.osx-x64", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "2cc20a34-2f9c-4fc2-815a-de54d55cb769" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.android-arm", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "91ec0fed-ec46-46a1-b937-65c7614161e4" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.android-arm64", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "386ff987-9262-4a8a-82bd-75b53ebfa109" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.android-x64", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "f2c608c7-70aa-4d2b-8600-195d88260b8b" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.android-x86", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "197650df-79b6-49c9-b162-9107f155ed43" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.browser-wasm", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "03ee5118-d328-425c-8044-79b01f6a31bf" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.ios-arm", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "237738ae-0ac2-406e-b2d2-60c0dd1725f0" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.ios-x64", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "05de8093-dee5-4193-9bff-710ed5540489" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.ios-x86", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "a5302225-2811-4493-aeb8-a23e522e9751" }, { "affected_range": "[3.1.0,3.1.12),[5.0.0,5.0.3)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12, all versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12", "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12 before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-arm", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.12, 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "b0099074-4fc4-4739-ab48-f001b244aa6d" }, { "affected_range": "[3.1.0,3.1.12),[5.0.0,5.0.3)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12, all versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12", "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12 before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-arm64", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.12, 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "8f665d9a-ebaa-4147-a480-1f80cf6b0f1f" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-musl-arm", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "d9b95e55-c5db-412e-be75-38caf6db5aa3" }, { "affected_range": "[3.1.0,3.1.12),[5.0.0,5.0.3)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12, all versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12", "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12 before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-musl-arm64", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.12, 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "df7115bc-764e-4972-bbc4-4b6a2c2f9eac" }, { "affected_range": "[3.1.0,3.1.12),[5.0.0,5.0.3)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12, all versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12", "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12 before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-musl-x64", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.12, 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "ce113d7d-6f51-40af-9a5a-e5780ddf36f2" }, { "affected_range": "[3.1.0,3.1.12),[5.0.0,5.0.3)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12, all versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12", "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12 before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-x64", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.12, 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "f7ff789a-5eb8-432e-9646-319a4bfacb93" }, { "affected_range": "[3.1.0,3.1.12),[5.0.0,5.0.3)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12, all versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12", "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12 before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.osx-x64", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.12, 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "3bf8e1ee-bf3d-455c-91d0-d65c876215f3" }, { "affected_range": "[3.1.0,3.1.12)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.rhel.6-x64", "pubdate": "2022-05-24", "solution": "Upgrade to version 3.1.12 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "ef575856-9343-4f09-bd49-4bdcab2b35fa" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.tvos-arm64", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "0e7a1106-b111-4ccb-a2b1-07c7ecd98cb8" }, { "affected_range": "[5.0.0,5.0.3)", "affected_versions": "All versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.tvos-x64", "pubdate": "2022-05-24", "solution": "Upgrade to version 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "88334f8d-5142-416a-8cd9-549887be762a" }, { "affected_range": "[3.1.0,3.1.12),[5.0.0,5.0.3)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12, all versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12", "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12 before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.win-arm", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.12, 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "f136b85c-c341-4384-8a07-5ee1fec4edd6" }, { "affected_range": "[3.1.0,3.1.12),[5.0.0,5.0.3)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12, all versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12", "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12 before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.win-arm64", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.12, 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "c950d261-0536-4817-8315-200b5de3af47" }, { "affected_range": "[3.1.0,3.1.12),[5.0.0,5.0.3)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12, all versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12", "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12 before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.win-x64", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.12, 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "4b6590bf-698a-476c-a240-eb5370c16014" }, { "affected_range": "[3.1.0,3.1.12),[5.0.0,5.0.3)", "affected_versions": "All versions starting from 3.1.0 before 3.1.12, all versions starting from 5.0.0 before 5.0.3", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "3.1.12", "5.0.3" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.12 before 5.0.0, all versions starting from 5.0.3", "package_slug": "nuget/Microsoft.NETCore.App.Runtime.win-x86", "pubdate": "2022-05-24", "solution": "Upgrade to versions 3.1.12, 5.0.3 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "4fa77efe-c202-48ef-a648-a2b3e29a2f5b" }, { "affected_range": "[2.1.0,2.1.25)", "affected_versions": "All versions starting from 2.1.0 before 2.1.25", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-11-01", "description": ".NET Core and Visual Studio Denial of Service Vulnerability", "fixed_versions": [ "2.1.25" ], "identifier": "CVE-2021-1721", "identifiers": [ "GHSA-3gp9-h8hw-pxpw", "CVE-2021-1721" ], "not_impacted": "All versions before 2.1.0, all versions starting from 2.1.25", "package_slug": "nuget/Microsoft.NETCore.App", "pubdate": "2022-05-24", "solution": "Upgrade to version 2.1.25 or above.", "title": "Denial of service in .NET core", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-1721", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721", "https://github.com/dotnet/announcements/issues/175", "https://github.com/dotnet/runtime/issues/48067", "https://github.com/advisories/GHSA-3gp9-h8hw-pxpw" ], "uuid": "93f0eb43-f3ba-413f-847e-d65fb9be50c1" } ] }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "matchCriteriaId": "8797E7EA-A66B-4B9C-AA2A-DAB08A8A16DB", "versionEndIncluding": "5.0.2", "versionStartIncluding": "5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C5D87DA-378D-4457-986B-8A0796ED00EB", "versionEndIncluding": "2.1.24", "versionStartIncluding": "2.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B672ED7-CB65-4D0E-AD4B-4508C4FA8C92", "versionEndIncluding": "3.1.11", "versionStartIncluding": "3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:powershell_core:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A812D8D-C6DA-473E-A604-988BCDA26CDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:powershell_core:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "AAFBD34E-F04C-4B1B-AFD4-0D926BC30609", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", "versionEndIncluding": "15.9", "versionStartIncluding": "15.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD824DE6-3564-4B7D-B45C-2EEE1F84C9D2", "versionEndIncluding": "16.8", "versionStartIncluding": "16.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": ".NET Core and Visual Studio Denial of Service Vulnerability" }, { "lang": "es", "value": "Una Vulnerabilidad de Denegaci\u00f3n de Servicio de .NET Core y Visual Studio" } ], "id": "CVE-2021-1721", "lastModified": "2023-12-29T17:15:53.590", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "secure@microsoft.com", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary" } ] }, "published": "2021-02-25T23:15:13.210", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] } } } }
var-202102-0778
Vulnerability from variot
.NET Core and Visual Studio Denial of Service Vulnerability. plural Microsoft The product interferes with service operation (DoS) A vulnerability exists.Denial of service (DoS) It may be put into a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:0473-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0473 Issue date: 2021-02-10 CVE Names: CVE-2021-1721 ==================================================================== 1. Summary:
An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.103 and .NET Runtime 5.0.3.
Security Fix(es):
- dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-1721 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYCQRkNzjgjWX9erEAQgNpQ//YOPnsrlO2lww9KzO1WQGieOjqQ1xLZxZ YEgR3XbSuOiS0y7an842VNVht52BEh+maxUN3cdZfHqkBmb3+Ax4Tdnh/oH2CuYT lNkzcQcU/XxNWgpYE6Whu7o5+b7hS8e4khpoH3snamtuL62G2ncH07/cQOeWLi4o EixaJXGxfkq7b3UoDqq8iTj/3NQNmOaD72O2Rp2/yYjLWKtBRKq4sK756wpC+iEj qs+/z6NRTpw7swp8zpB2SsKpBhaCleqeVez7TAaDQ+yvT5Hijosn87CdDAMgVHxa rzqPzKaEMO/DYvirp70sm0EWaaEkX6FbR2LJRzKH6AxBWbyboIBnGrE8W/EfrI/f 6qeQZ/+GKMqabT7z7x79RzExgg6GPwdvnI2koD3hgT28CEZpnZZ6fmYMlvD5pfNT yPL8jzGRs725jpk2EsjyrIpNRPXqXgiFhmEA/JD2dr6surGj0UCmvHqEzKgGdHDR K8jG/u93IZhP+ijnxrw0gOnrCHq5chwxxpPaD1LvSgCmULjzks21zLbcB4qOldLH ey6xIPrdQcyRtJBecfb9IAN9ygCZXfz0HdRB+0ChK31D+Bhp2ORbJXxPPWYNVbp9 97pAQ2MYpEYDKUUn5lQ43Qj1WlF2D9+dXquuWYjD+1FZYmSXFfUnIx6HY7asElhc +Hn3J/UvwRI\xefGS -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0778", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": ".net core", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "3.1.11" }, { "model": "visual studio 2017", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "15.0" }, { "model": ".net", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "5.0" }, { "model": "powershell core", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "7.1" }, { "model": ".net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "2.1" }, { "model": "visual studio 2019", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "16.0" }, { "model": "visual studio 2017", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "15.9" }, { "model": ".net core", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "2.1.24" }, { "model": "visual studio 2019", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "16.8" }, { "model": ".net", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "5.0.2" }, { "model": "powershell core", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "7.0" }, { "model": ".net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "3.1" }, { "model": "microsoft visual studio", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "7.0" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "7.1" }, { "model": ".net core", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": ".net", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "db": "NVD", "id": "CVE-2021-1721" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.0.2", "versionStartIncluding": "5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.1.24", "versionStartIncluding": "2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.1.11", "versionStartIncluding": "3.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.9", "versionStartIncluding": "15.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.8", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-1721" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "161371" }, { "db": "PACKETSTORM", "id": "161376" }, { "db": "PACKETSTORM", "id": "161372" }, { "db": "PACKETSTORM", "id": "161370" }, { "db": "PACKETSTORM", "id": "161373" }, { "db": "PACKETSTORM", "id": "161375" }, { "db": "CNNVD", "id": "CNNVD-202102-667" } ], "trust": 1.2 }, "cve": "CVE-2021-1721", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-1721", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-1721", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-1721", "trust": 1.8, "value": "MEDIUM" }, { "author": "secure@microsoft.com", "id": "CVE-2021-1721", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202102-667", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-1721", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-1721" }, { "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "db": "NVD", "id": "CVE-2021-1721" }, { "db": "NVD", "id": "CVE-2021-1721" }, { "db": "CNNVD", "id": "CNNVD-202102-667" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": ".NET Core and Visual Studio Denial of Service Vulnerability. plural Microsoft The product interferes with service operation (DoS) A vulnerability exists.Denial of service (DoS) It may be put into a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update\nAdvisory ID: RHSA-2021:0473-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0473\nIssue date: 2021-02-10\nCVE Names: CVE-2021-1721\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet50-dotnet is now available for .NET on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now\navailable. The updated versions are .NET SDK 5.0.103 and .NET Runtime\n5.0.3. \n\nSecurity Fix(es):\n\n* dotnet: certificate chain building recursion Denial of Service\n(CVE-2021-1721)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-1721\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYCQRkNzjgjWX9erEAQgNpQ//YOPnsrlO2lww9KzO1WQGieOjqQ1xLZxZ\nYEgR3XbSuOiS0y7an842VNVht52BEh+maxUN3cdZfHqkBmb3+Ax4Tdnh/oH2CuYT\nlNkzcQcU/XxNWgpYE6Whu7o5+b7hS8e4khpoH3snamtuL62G2ncH07/cQOeWLi4o\nEixaJXGxfkq7b3UoDqq8iTj/3NQNmOaD72O2Rp2/yYjLWKtBRKq4sK756wpC+iEj\nqs+/z6NRTpw7swp8zpB2SsKpBhaCleqeVez7TAaDQ+yvT5Hijosn87CdDAMgVHxa\nrzqPzKaEMO/DYvirp70sm0EWaaEkX6FbR2LJRzKH6AxBWbyboIBnGrE8W/EfrI/f\n6qeQZ/+GKMqabT7z7x79RzExgg6GPwdvnI2koD3hgT28CEZpnZZ6fmYMlvD5pfNT\nyPL8jzGRs725jpk2EsjyrIpNRPXqXgiFhmEA/JD2dr6surGj0UCmvHqEzKgGdHDR\nK8jG/u93IZhP+ijnxrw0gOnrCHq5chwxxpPaD1LvSgCmULjzks21zLbcB4qOldLH\ney6xIPrdQcyRtJBecfb9IAN9ygCZXfz0HdRB+0ChK31D+Bhp2ORbJXxPPWYNVbp9\n97pAQ2MYpEYDKUUn5lQ43Qj1WlF2D9+dXquuWYjD+1FZYmSXFfUnIx6HY7asElhc\n+Hn3J/UvwRI\\xefGS\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2021-1721" }, { "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "db": "VULMON", "id": "CVE-2021-1721" }, { "db": "PACKETSTORM", "id": "161371" }, { "db": "PACKETSTORM", "id": "161376" }, { "db": "PACKETSTORM", "id": "161372" }, { "db": "PACKETSTORM", "id": "161370" }, { "db": "PACKETSTORM", "id": "161373" }, { "db": "PACKETSTORM", "id": "161375" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-1721", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2021-004038", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "161375", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.0496", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-667", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-1721", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161371", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161376", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161372", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161370", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161373", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-1721" }, { "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "db": "PACKETSTORM", "id": "161371" }, { "db": "PACKETSTORM", "id": "161376" }, { "db": "PACKETSTORM", "id": "161372" }, { "db": "PACKETSTORM", "id": "161370" }, { "db": "PACKETSTORM", "id": "161373" }, { "db": "PACKETSTORM", "id": "161375" }, { "db": "NVD", "id": "CVE-2021-1721" }, { "db": "CNNVD", "id": "CNNVD-202102-667" } ] }, "id": "VAR-202102-0778", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2024-01-03T13:47:32.062000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": ".NET\u00a0Core\u00a0and\u00a0Visual\u00a0Studio\u00a0Denial\u00a0of\u00a0Service\u00a0Vulnerability Security Update Guide", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-1721" }, { "title": "Microsoft .NET Core and Microsoft Visual Studio Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141033" }, { "title": "Red Hat: Important: dotnet3.1 security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210471 - security advisory" }, { "title": "Red Hat: Important: dotnet5.0 security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210476 - security advisory" }, { "title": "Red Hat: Important: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210472 - security advisory" }, { "title": "Red Hat: Important: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210470 - security advisory" }, { "title": "Red Hat: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210473 - security advisory" }, { "title": "Red Hat: Important: dotnet security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210474 - security advisory" }, { "title": "Arch Linux Advisories: [ASA-202103-17] dotnet-sdk: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202103-17" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-1721 log" }, { "title": "Arch Linux Advisories: [ASA-202103-16] dotnet-runtime: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202103-16" }, { "title": null, "trust": 0.1, "url": "https://www.theregister.co.uk/2021/02/09/microsoft_patch_tuesday/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-1721" }, { "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "db": "CNNVD", "id": "CNNVD-202102-667" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "db": "NVD", "id": "CVE-2021-1721" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1721" }, { "trust": 1.7, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-1721" }, { "trust": 1.2, "url": "https://access.redhat.com/security/cve/cve-2021-1721" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20210210-ms.html" }, { "trust": 0.8, "url": "https://www.jpcert.or.jp/at/2021/at210008.html" }, { "trust": 0.6, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.6, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161375/red-hat-security-advisory-2021-0474-01.html" }, { "trust": 0.6, "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-1721" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0496" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-net-core-vulnerabilities-of-february-2021-34547" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2021:0471" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195571" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0473" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0476" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0472" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0470" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0474" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-1721" }, { "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "db": "PACKETSTORM", "id": "161371" }, { "db": "PACKETSTORM", "id": "161376" }, { "db": "PACKETSTORM", "id": "161372" }, { "db": "PACKETSTORM", "id": "161370" }, { "db": "PACKETSTORM", "id": "161373" }, { "db": "PACKETSTORM", "id": "161375" }, { "db": "NVD", "id": "CVE-2021-1721" }, { "db": "CNNVD", "id": "CNNVD-202102-667" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-1721" }, { "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "db": "PACKETSTORM", "id": "161371" }, { "db": "PACKETSTORM", "id": "161376" }, { "db": "PACKETSTORM", "id": "161372" }, { "db": "PACKETSTORM", "id": "161370" }, { "db": "PACKETSTORM", "id": "161373" }, { "db": "PACKETSTORM", "id": "161375" }, { "db": "NVD", "id": "CVE-2021-1721" }, { "db": "CNNVD", "id": "CNNVD-202102-667" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-25T00:00:00", "db": "VULMON", "id": "CVE-2021-1721" }, { "date": "2021-11-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "date": "2021-02-11T15:15:26", "db": "PACKETSTORM", "id": "161371" }, { "date": "2021-02-11T15:18:57", "db": "PACKETSTORM", "id": "161376" }, { "date": "2021-02-11T15:15:37", "db": "PACKETSTORM", "id": "161372" }, { "date": "2021-02-11T15:15:09", "db": "PACKETSTORM", "id": "161370" }, { "date": "2021-02-11T15:15:47", "db": "PACKETSTORM", "id": "161373" }, { "date": "2021-02-11T15:18:50", "db": "PACKETSTORM", "id": "161375" }, { "date": "2021-02-25T23:15:13.210000", "db": "NVD", "id": "CVE-2021-1721" }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-667" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-26T00:00:00", "db": "VULMON", "id": "CVE-2021-1721" }, { "date": "2021-11-12T05:18:00", "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "date": "2023-12-29T17:15:53.590000", "db": "NVD", "id": "CVE-2021-1721" }, { "date": "2021-08-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-667" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-667" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Microsoft\u00a0 Service operation interruption in the product \u00a0(DoS)\u00a0 Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-004038" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-667" } ], "trust": 0.6 } }
ghsa-3gp9-h8hw-pxpw
Vulnerability from github
.NET Core and Visual Studio Denial of Service Vulnerability due to a vulnerability which exists when creating HTTPS web request during X509 certificate chain building.
{ "affected": [ { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App" }, "ranges": [ { "events": [ { "introduced": "2.1.0" }, { "fixed": "2.1.25" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Host.linux-arm" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Host.linux-arm64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Host.linux-musl-arm64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Host.linux-musl-x64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Host.linux-x64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Host.osx-x64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Host.rhel.6-x64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Host.win-arm" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Host.win-arm64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Host.win-x64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Host.win-x86" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.linux-arm" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.linux-arm64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.linux-musl-arm64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.linux-musl-x64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.linux-x64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.osx-x64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.rhel.6-x64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.win-arm" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.win-arm64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.win-x64" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.win-x86" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.Mono.linux-arm" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.Mono.linux-arm64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.Mono.linux-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.Mono.osx-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.android-arm" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.android-arm64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.android-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.android-x86" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.browser-wasm" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.ios-arm" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.ios-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.ios-x86" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.linux-arm" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.linux-arm64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.linux-musl-arm" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.linux-musl-arm64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.linux-musl-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.linux-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.osx-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.tvos-arm64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.tvos-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.win-arm" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.win-arm64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.win-x64" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App.Runtime.win-x86" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.3" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2021-1721" ], "database_specific": { "cwe_ids": [], "github_reviewed": true, "github_reviewed_at": "2022-11-01T21:40:37Z", "nvd_published_at": "2021-02-25T23:15:00Z", "severity": "MODERATE" }, "details": ".NET Core and Visual Studio Denial of Service Vulnerability due to a vulnerability which exists when creating HTTPS web request during X509 certificate chain building.", "id": "GHSA-3gp9-h8hw-pxpw", "modified": "2022-11-01T21:40:37Z", "published": "2022-05-24T17:43:10Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1721" }, { "type": "WEB", "url": "https://github.com/dotnet/announcements/issues/175" }, { "type": "WEB", "url": "https://github.com/dotnet/runtime/issues/48067" }, { "type": "WEB", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": "Denial of service in .NET core" }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.