Vulnerability CVE-2020-1108: Information
Description
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
dotnet-bootstrap | c9f2 | 3.1.6-alt1 | 3.1.6-alt1 | ALT-PU-2020-2592-1 | 256090 | Fixed |
dotnet-coreclr | c9f2 | 3.1.6-alt1 | 3.1.6-alt2.c9.1 | ALT-PU-2020-2593-1 | 256090 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108 |
|
-
Configuration 1
cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*Start including2.1End including2.1.18cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*Start including3.0End including3.1.4cpe:2.3:a:microsoft:.net:5.0:preview2:*:*:*:*:*:*cpe:2.3:a:microsoft:.net:5.0:preview3:*:*:*:*:*:*cpe:2.3:a:microsoft:.net:5.0:preview1:*:*:*:*:*:*Configuration 2
cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*Running on/with:cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*Configuration 3
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*Running on/with:cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*Configuration 4
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*Configuration 5
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*Running on/with:cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*Configuration 6
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*Configuration 7
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*Running on/with:cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*Configuration 8
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*Running on/with:cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x86:*Configuration 9
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:arm64:*Configuration 10
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*Running on/with:cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x86:*Configuration 11
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*Configuration 12
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*Running on/with:cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*Configuration 13
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*Running on/with:cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x86:*Configuration 14
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:arm64:*Running on/with:cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*Configuration 15
cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*Running on/with:cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*Configuration 16
cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*Configuration 17
cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*Configuration 18
cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*Running on/with:cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*Configuration 19
cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*Configuration 20
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:arm64:*Configuration 21
cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*Running on/with:cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*Configuration 22
cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*Running on/with:cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*Configuration 23
cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*cpe:2.3:a:microsoft:.net_core:3.1:*:*:*:*:*:*:*cpe:2.3:a:microsoft:visual_studio_2019:16.4:*:*:*:*:*:*:*cpe:2.3:a:microsoft:visual_studio_2019:16.5:*:*:*:*:*:*:*Configuration 24
cpe:2.3:a:microsoft:powershell_core:6.2:*:*:*:*:*:*:*cpe:2.3:a:microsoft:powershell:7.0:*:*:*:*:*:*:*