Bug 1789623 (CVE-2020-0602)
Summary: | CVE-2020-0602 dotnet: Denial of service via backpressure issue | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | andrew.slice, bodavis, dbhole, kanderso, omajid, rwagner, scorneli, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | aspnet core 3.0.1, aspnet core 3.1.1 | Doc Type: | If docs needed, set a value |
Doc Text: |
A denial of service flaw was found in ASP.NET Core. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted requests to an ASP.NET Core application. The highest threat from this flaw is system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-01-16 20:09:43 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1789893, 1789895, 1789974, 1790016, 1790851, 1790854, 1790856, 1790858, 1794437 | ||
Bug Blocks: | 1789627 |
Comment 5
Stefan Cornelius
2020-01-14 19:17:45 UTC
External References: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602 https://github.com/aspnet/Announcements/issues/402 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0130 https://access.redhat.com/errata/RHSA-2020:0130 This issue has been addressed in the following products: .NET Core on Red Hat Enterprise Linux Via RHSA-2020:0134 https://access.redhat.com/errata/RHSA-2020:0134 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-0602 |