ID CVE-2020-1108
Summary A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1:-:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1:-:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1:preview1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1:preview1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1:preview2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1:preview2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.0:-:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.0:preview1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.0:preview2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.13:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.14:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.15:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.16:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:2.1.18:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:2.1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0:-:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0:preview1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0:preview2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0:preview3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0:preview3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0:preview4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0:preview4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0:preview5:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0:preview5:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0:preview6:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0:preview6:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0:preview7:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0:preview7:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0:preview8:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0:preview8:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0:preview9:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0:preview9:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0.0:preview1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0.0:preview2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0.0:preview3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0.0:preview3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0.0:preview4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0.0:preview4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0.0:preview5:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0.0:preview5:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0.0:preview6:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0.0:preview6:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0.0:preview7:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0.0:preview7:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0.0:preview8:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0.0:preview8:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0.0:preview9:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0.0:preview9:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.1:-:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.1:-:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.1:preview1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.1:preview1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.1:preview2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.1:preview2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.1:preview3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.1:preview3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.1.0:-:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.1.0:preview1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.1.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.1.0:preview2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.1.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.1.0:preview3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.1.0:preview3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:3.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:3.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:5.0:preview1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:5.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:5.0:preview2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:5.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_core:5.0:preview3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_core:5.0:preview3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
  • cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*
  • cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:arm64:*
    cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:arm64:*
  • cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:arm64:*
    cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:arm64:*
  • cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*
    cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*
  • cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:arm64:*
    cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:arm64:*
  • cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio_2019:16.4:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio_2019:16.4:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio_2019:16.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio_2019:16.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powershell:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powershell:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powershell_core:6.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powershell_core:6.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-05-2021 - 15:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1827643
    title CVE-2020-1108 dotnet: Denial of service via untrusted input
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment dotnet-debugsource is earlier than 0:2.1.514-2.el8_2
            oval oval:com.redhat.rhsa:tst:20202143001
          • comment dotnet-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20191259004
        • AND
          • comment dotnet-host-fxr-2.1 is earlier than 0:2.1.18-2.el8_2
            oval oval:com.redhat.rhsa:tst:20202143003
          • comment dotnet-host-fxr-2.1 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20191259008
        • AND
          • comment dotnet-runtime-2.1 is earlier than 0:2.1.18-2.el8_2
            oval oval:com.redhat.rhsa:tst:20202143005
          • comment dotnet-runtime-2.1 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20191259010
        • AND
          • comment dotnet-sdk-2.1 is earlier than 0:2.1.514-2.el8_2
            oval oval:com.redhat.rhsa:tst:20202143007
          • comment dotnet-sdk-2.1 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20191259012
        • AND
          • comment dotnet-sdk-2.1.5xx is earlier than 0:2.1.514-2.el8_2
            oval oval:com.redhat.rhsa:tst:20202143009
          • comment dotnet-sdk-2.1.5xx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20191259014
    rhsa
    id RHSA-2020:2143
    released 2020-05-13
    severity Important
    title RHSA-2020:2143: .NET Core security update (Important)
  • bugzilla
    id 1827643
    title CVE-2020-1108 dotnet: Denial of service via untrusted input
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment aspnetcore-runtime-3.1 is earlier than 0:3.1.5-2.el8_2
            oval oval:com.redhat.rhsa:tst:20202450001
          • comment aspnetcore-runtime-3.1 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20202250002
        • AND
          • comment aspnetcore-targeting-pack-3.1 is earlier than 0:3.1.5-2.el8_2
            oval oval:com.redhat.rhsa:tst:20202450003
          • comment aspnetcore-targeting-pack-3.1 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20202250004
        • AND
          • comment dotnet is earlier than 0:3.1.105-2.el8_2
            oval oval:com.redhat.rhsa:tst:20202450005
          • comment dotnet is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20191259002
        • AND
          • comment dotnet-apphost-pack-3.1 is earlier than 0:3.1.5-2.el8_2
            oval oval:com.redhat.rhsa:tst:20202450007
          • comment dotnet-apphost-pack-3.1 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20202250008
        • AND
          • comment dotnet-host is earlier than 0:3.1.5-2.el8_2
            oval oval:com.redhat.rhsa:tst:20202450009
          • comment dotnet-host is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20191259006
        • AND
          • comment dotnet-hostfxr-3.1 is earlier than 0:3.1.5-2.el8_2
            oval oval:com.redhat.rhsa:tst:20202450011
          • comment dotnet-hostfxr-3.1 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20202250012
        • AND
          • comment dotnet-runtime-3.1 is earlier than 0:3.1.5-2.el8_2
            oval oval:com.redhat.rhsa:tst:20202450013
          • comment dotnet-runtime-3.1 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20202250014
        • AND
          • comment dotnet-sdk-3.1 is earlier than 0:3.1.105-2.el8_2
            oval oval:com.redhat.rhsa:tst:20202450015
          • comment dotnet-sdk-3.1 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20202250016
        • AND
          • comment dotnet-targeting-pack-3.1 is earlier than 0:3.1.5-2.el8_2
            oval oval:com.redhat.rhsa:tst:20202450017
          • comment dotnet-targeting-pack-3.1 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20202250018
        • AND
          • comment dotnet-templates-3.1 is earlier than 0:3.1.105-2.el8_2
            oval oval:com.redhat.rhsa:tst:20202450019
          • comment dotnet-templates-3.1 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20202250020
        • AND
          • comment dotnet3.1-debugsource is earlier than 0:3.1.105-2.el8_2
            oval oval:com.redhat.rhsa:tst:20202450021
          • comment dotnet3.1-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20202250022
        • AND
          • comment netstandard-targeting-pack-2.1 is earlier than 0:3.1.105-2.el8_2
            oval oval:com.redhat.rhsa:tst:20202450023
          • comment netstandard-targeting-pack-2.1 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20200130024
    rhsa
    id RHSA-2020:2450
    released 2020-06-09
    severity Important
    title RHSA-2020:2450: .NET Core 3.1 on Red Hat Enterprise Linux 8 security update (Important)
  • bugzilla
    id 1827643
    title CVE-2020-1108 dotnet: Denial of service via untrusted input
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment dotnet-debugsource is earlier than 0:2.1.515-1.el8_2
            oval oval:com.redhat.rhsa:tst:20202471001
          • comment dotnet-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20191259004
        • AND
          • comment dotnet-host-fxr-2.1 is earlier than 0:2.1.19-1.el8_2
            oval oval:com.redhat.rhsa:tst:20202471003
          • comment dotnet-host-fxr-2.1 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20191259008
        • AND
          • comment dotnet-runtime-2.1 is earlier than 0:2.1.19-1.el8_2
            oval oval:com.redhat.rhsa:tst:20202471005
          • comment dotnet-runtime-2.1 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20191259010
        • AND
          • comment dotnet-sdk-2.1 is earlier than 0:2.1.515-1.el8_2
            oval oval:com.redhat.rhsa:tst:20202471007
          • comment dotnet-sdk-2.1 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20191259012
        • AND
          • comment dotnet-sdk-2.1.5xx is earlier than 0:2.1.515-1.el8_2
            oval oval:com.redhat.rhsa:tst:20202471009
          • comment dotnet-sdk-2.1.5xx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20191259014
    rhsa
    id RHSA-2020:2471
    released 2020-06-10
    severity Important
    title RHSA-2020:2471: .NET Core on Red Hat Enterprise Linux 8 security update (Important)
rpms
  • dotnet-debuginfo-0:2.1.514-2.el8_2
  • dotnet-debugsource-0:2.1.514-2.el8_2
  • dotnet-host-fxr-2.1-0:2.1.18-2.el8_2
  • dotnet-host-fxr-2.1-debuginfo-0:2.1.18-2.el8_2
  • dotnet-runtime-2.1-0:2.1.18-2.el8_2
  • dotnet-runtime-2.1-debuginfo-0:2.1.18-2.el8_2
  • dotnet-sdk-2.1-0:2.1.514-2.el8_2
  • dotnet-sdk-2.1.5xx-0:2.1.514-2.el8_2
  • dotnet-sdk-2.1.5xx-debuginfo-0:2.1.514-2.el8_2
  • rh-dotnet21-0:2.1-17.el7
  • rh-dotnet21-dotnet-0:2.1.514-2.el7
  • rh-dotnet21-dotnet-debuginfo-0:2.1.514-2.el7
  • rh-dotnet21-dotnet-host-0:2.1.18-2.el7
  • rh-dotnet21-dotnet-runtime-2.1-0:2.1.18-2.el7
  • rh-dotnet21-dotnet-sdk-2.1-0:2.1.514-2.el7
  • rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.514-2.el7
  • rh-dotnet21-runtime-0:2.1-17.el7
  • rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.4-2.el7
  • rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.4-2.el7
  • rh-dotnet31-dotnet-0:3.1.104-2.el7
  • rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.4-2.el7
  • rh-dotnet31-dotnet-debuginfo-0:3.1.104-2.el7
  • rh-dotnet31-dotnet-host-0:3.1.4-2.el7
  • rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.4-2.el7
  • rh-dotnet31-dotnet-runtime-3.1-0:3.1.4-2.el7
  • rh-dotnet31-dotnet-sdk-3.1-0:3.1.104-2.el7
  • rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.4-2.el7
  • rh-dotnet31-dotnet-templates-3.1-0:3.1.104-2.el7
  • rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.104-2.el7
  • aspnetcore-runtime-3.1-0:3.1.4-2.el8_2
  • aspnetcore-targeting-pack-3.1-0:3.1.4-2.el8_2
  • dotnet-0:3.1.104-2.el8_2
  • dotnet-apphost-pack-3.1-0:3.1.4-2.el8_2
  • dotnet-apphost-pack-3.1-debuginfo-0:3.1.4-2.el8_2
  • dotnet-host-0:3.1.4-2.el8_2
  • dotnet-host-debuginfo-0:3.1.4-2.el8_2
  • dotnet-hostfxr-3.1-0:3.1.4-2.el8_2
  • dotnet-hostfxr-3.1-debuginfo-0:3.1.4-2.el8_2
  • dotnet-runtime-3.1-0:3.1.4-2.el8_2
  • dotnet-runtime-3.1-debuginfo-0:3.1.4-2.el8_2
  • dotnet-sdk-3.1-0:3.1.104-2.el8_2
  • dotnet-sdk-3.1-debuginfo-0:3.1.104-2.el8_2
  • dotnet-targeting-pack-3.1-0:3.1.4-2.el8_2
  • dotnet-templates-3.1-0:3.1.104-2.el8_2
  • dotnet3.1-debuginfo-0:3.1.104-2.el8_2
  • dotnet3.1-debugsource-0:3.1.104-2.el8_2
  • netstandard-targeting-pack-2.1-0:3.1.104-2.el8_2
  • aspnetcore-runtime-3.1-0:3.1.5-2.el8_2
  • aspnetcore-targeting-pack-3.1-0:3.1.5-2.el8_2
  • dotnet-0:3.1.105-2.el8_2
  • dotnet-apphost-pack-3.1-0:3.1.5-2.el8_2
  • dotnet-apphost-pack-3.1-debuginfo-0:3.1.5-2.el8_2
  • dotnet-host-0:3.1.5-2.el8_2
  • dotnet-host-debuginfo-0:3.1.5-2.el8_2
  • dotnet-hostfxr-3.1-0:3.1.5-2.el8_2
  • dotnet-hostfxr-3.1-debuginfo-0:3.1.5-2.el8_2
  • dotnet-runtime-3.1-0:3.1.5-2.el8_2
  • dotnet-runtime-3.1-debuginfo-0:3.1.5-2.el8_2
  • dotnet-sdk-3.1-0:3.1.105-2.el8_2
  • dotnet-sdk-3.1-debuginfo-0:3.1.105-2.el8_2
  • dotnet-targeting-pack-3.1-0:3.1.5-2.el8_2
  • dotnet-templates-3.1-0:3.1.105-2.el8_2
  • dotnet3.1-debuginfo-0:3.1.105-2.el8_2
  • dotnet3.1-debugsource-0:3.1.105-2.el8_2
  • netstandard-targeting-pack-2.1-0:3.1.105-2.el8_2
  • dotnet-debuginfo-0:2.1.515-1.el8_2
  • dotnet-debugsource-0:2.1.515-1.el8_2
  • dotnet-host-fxr-2.1-0:2.1.19-1.el8_2
  • dotnet-host-fxr-2.1-debuginfo-0:2.1.19-1.el8_2
  • dotnet-runtime-2.1-0:2.1.19-1.el8_2
  • dotnet-runtime-2.1-debuginfo-0:2.1.19-1.el8_2
  • dotnet-sdk-2.1-0:2.1.515-1.el8_2
  • dotnet-sdk-2.1.5xx-0:2.1.515-1.el8_2
  • dotnet-sdk-2.1.5xx-debuginfo-0:2.1.515-1.el8_2
  • rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.5-1.el7
  • rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.5-1.el7
  • rh-dotnet31-dotnet-0:3.1.105-1.el7
  • rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.5-1.el7
  • rh-dotnet31-dotnet-debuginfo-0:3.1.105-1.el7
  • rh-dotnet31-dotnet-host-0:3.1.5-1.el7
  • rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.5-1.el7
  • rh-dotnet31-dotnet-runtime-3.1-0:3.1.5-1.el7
  • rh-dotnet31-dotnet-sdk-3.1-0:3.1.105-1.el7
  • rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.5-1.el7
  • rh-dotnet31-dotnet-templates-3.1-0:3.1.105-1.el7
  • rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.105-1.el7
  • rh-dotnet21-0:2.1-18.el7
  • rh-dotnet21-dotnet-0:2.1.515-1.el7
  • rh-dotnet21-dotnet-debuginfo-0:2.1.515-1.el7
  • rh-dotnet21-dotnet-host-0:2.1.19-1.el7
  • rh-dotnet21-dotnet-runtime-2.1-0:2.1.19-1.el7
  • rh-dotnet21-dotnet-sdk-2.1-0:2.1.515-1.el7
  • rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.515-1.el7
  • rh-dotnet21-runtime-0:2.1-18.el7
refmap via4
misc https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108
Last major update 18-05-2021 - 15:03
Published 21-05-2020 - 23:15
Last modified 18-05-2021 - 15:03
Back to Top