Vulnerability CVE-2020-1108: Information

Description

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-1108

Published: May 22, 2020

Modified: Oct. 15, 2023

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
dotnet-bootstrap	c9f2	3.1.6-alt1	3.1.6-alt1	ALT-PU-2020-2592-1	256090	Fixed
dotnet-coreclr	c9f2	3.1.6-alt1	3.1.6-alt2.c9.1	ALT-PU-2020-2593-1	256090	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108	Patch Vendor Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*
  Start including
  2.1
  End including
  2.1.18
  cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*
  Start including
  3.0
  End including
  3.1.4
  cpe:2.3:a:microsoft:.net:5.0:preview2:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net:5.0:preview3:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net:5.0:preview1:*:*:*:*:*:*
  
  Configuration 2
  cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
  
  Configuration 3
  cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*
  
  Configuration 4
  cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  
  Configuration 5
  cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*
  
  Configuration 6
  cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
  
  Configuration 7
  cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*
  
  Configuration 8
  cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x86:*
  
  Configuration 9
  cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:arm64:*
  
  Configuration 10
  cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x86:*
  
  Configuration 11
  cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
  
  Configuration 12
  cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*
  
  Configuration 13
  cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x86:*
  
  Configuration 14
  cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:arm64:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*
  
  Configuration 15
  cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*
  
  Configuration 16
  cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*
  
  Configuration 17
  cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*
  
  Configuration 18
  cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  
  Configuration 19
  cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
  
  Configuration 20
  cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:arm64:*
  
  Configuration 21
  cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*
  
  Configuration 22
  cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
  
  Configuration 23
  cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:.net_core:3.1:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:visual_studio_2019:16.4:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:visual_studio_2019:16.5:*:*:*:*:*:*:*
  
  Configuration 24
  cpe:2.3:a:microsoft:powershell_core:6.2:*:*:*:*:*:*:*
  cpe:2.3:a:microsoft:powershell:7.0:*:*:*:*:*:*:*

Version: v24.5.1

Vulnerability CVE-2020-1108: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Configuration 7

Configuration 8

Configuration 9

Configuration 10

Configuration 11

Configuration 12

Configuration 13

Configuration 14

Configuration 15

Configuration 16

Configuration 17

Configuration 18

Configuration 19

Configuration 20

Configuration 21

Configuration 22

Configuration 23

Configuration 24