Bug 1926918 (CVE-2021-1721)
Summary: | CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Stefan Cornelius <scorneli> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | andrew.slice, bodavis, dbhole, kanderso, maltron, omajid, rwagner, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | dotnet runtime 2.1.25, dotnet sdk 2.1.521, dotnet runtime 3.1.12, dotnet sdk 3.1.112, dotnet runtime 5.0.3, dotnet sdk 5.0.103 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-02-10 22:09:47 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1921938, 1922272, 1923368, 1923377, 1924761, 1924765 | ||
Bug Blocks: | 1926911 |
Description
Stefan Cornelius
2021-02-09 16:35:38 UTC
External References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1721 https://github.com/dotnet/announcements/issues/175 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:0471 https://access.redhat.com/errata/RHSA-2021:0471 This issue has been addressed in the following products: .NET Core on Red Hat Enterprise Linux Via RHSA-2021:0470 https://access.redhat.com/errata/RHSA-2021:0470 This issue has been addressed in the following products: .NET Core on Red Hat Enterprise Linux Via RHSA-2021:0472 https://access.redhat.com/errata/RHSA-2021:0472 This issue has been addressed in the following products: .NET Core on Red Hat Enterprise Linux Via RHSA-2021:0473 https://access.redhat.com/errata/RHSA-2021:0473 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:0474 https://access.redhat.com/errata/RHSA-2021:0474 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:0476 https://access.redhat.com/errata/RHSA-2021:0476 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-1721 |