Bug 1576631 (CVE-2018-0765)

Summary: CVE-2018-0765 dotnet: Improper processing of XML documents can allow a remote attacker to cause a denial of service
Product: [Other] Security Response
Reporter: Sam Fowler <sfowler>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
QA Contact:
Severity: high
Docs Contact:
Priority: high
Version: unspecified
CC: bgollahe, bodavis, dbhole, kanderso, lzachar, omajid, rwagner
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2019-09-27 10:49:56 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1576634

Description Sam Fowler 2018-05-10 02:01:12 UTC
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application.

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET (or .NET Core) application.


External References:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765
https://github.com/dotnet/announcements/issues/67

Comment 1 Stefan Cornelius 2019-09-27 10:49:56 UTC
This is an issue in the System.Security.Cryptography.Xml package, which is not shipped directly. If you use the System.Security.Cryptography.Xml package in your projects, ensure that you use version 4.4.2 or later.
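
One way to apply the version check from Comment 1 to a project, as an added example that is not part of the original bug report or of any Red Hat or Microsoft tooling. It assumes PackageReference-style project files and the `obj/project.assets.json` file that NuGet restore writes (which also lists transitive dependencies); the function names and the sample inputs are constructed for illustration.

```python
import json
import re
import xml.etree.ElementTree as ET
PACKAGE = "system.security.cryptography.xml"  # NuGet ids compare case-insensitively
MIN_FIXED = (4, 4, 2)                         # "version 4.4.2 or later" (Comment 1)

def is_fixed(version):
    """True/False for a plain NuGet version; None for ranges, floats or no version."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?(-[\w.-]+)?(\+.*)?", version.strip())
    if not m:
        return None  # e.g. "4.*" or "[4.4.0,)": look at the resolved version instead
    core = tuple(int(part or 0) for part in m.group(1, 2, 3))
    if core == MIN_FIXED and m.group(4):
        return False  # a prerelease of 4.4.2 sorts before the 4.4.2 release
    return core >= MIN_FIXED

def from_csproj(text):
    """Versions declared by <PackageReference> items in one of your own project files."""
    for el in ET.fromstring(text).iter():
        name = (el.get("Include") or el.get("Update") or "").lower()
        if el.tag.split("}")[-1] == "PackageReference" and name == PACKAGE:
            child = next((c for c in el if c.tag.split("}")[-1] == "Version"), None)
            yield el.get("Version") or (child.text if child is not None else "") or ""

def from_assets(text):
    """Resolved versions, transitive ones included, from obj/project.assets.json."""
    for key in json.loads(text).get("libraries", {}):
        name, _, version = key.partition("/")
        if name.lower() == PACKAGE:
            yield version

def audit(csproj_text, assets_text):
    """Return (source, version, verdict) rows; verdict is 'ok', 'upgrade' or 'unresolved'."""
    verdict = {True: "ok", False: "upgrade", None: "unresolved"}
    found = [("csproj", v) for v in from_csproj(csproj_text)]
    found += [("assets", v) for v in from_assets(assets_text)]
    return [(src, v, verdict[is_fixed(v)]) for src, v in found]

# Constructed sample inputs, not taken from any real project.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>
  <PackageReference Include="System.Security.Cryptography.Xml" Version="4.4.*" />
</ItemGroup></Project>"""
SAMPLE_ASSETS = json.dumps({"libraries": {
    "System.Security.Cryptography.Xml/4.4.0": {"type": "package"},
    "Newtonsoft.Json/11.0.2": {"type": "package"}}})

if __name__ == "__main__":
    print(*audit(SAMPLE_CSPROJ, SAMPLE_ASSETS), sep="\n")
```

A floating or ranged version in the project file is reported as unresolved because only the restored assets file shows which version was actually selected.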