Bug 1990295 (CVE-2021-26423)
Summary: | CVE-2021-26423 dotnet: ASP.NET Core WebSocket frame processing DoS | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Stefan Cornelius <scorneli> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | andrew.slice, bodavis, dbhole, kanderso, lvaleeva, maltron, omajid, rwagner, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | SDK 3.1.118, Runtime 3.1.18, SDK 5.0.206, Runtime 5.0.9 | Doc Type: | If docs needed, set a value |
Doc Text: |
An infinite loop error was found in ASP.NET when processing WebSocket frames. The exploitation of this issue can cause high CPU resource consumption. The highest threat from this vulnerability is to system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-08-11 19:29:14 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1990310, 1990311, 1990312, 1990313, 1990314, 1990315 | ||
Bug Blocks: | 1990033 |
Description
Stefan Cornelius
2021-08-05 08:02:22 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3142 https://access.redhat.com/errata/RHSA-2021:3142 This issue has been addressed in the following products: .NET Core on Red Hat Enterprise Linux Via RHSA-2021:3143 https://access.redhat.com/errata/RHSA-2021:3143 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-26423 This issue has been addressed in the following products: .NET Core on Red Hat Enterprise Linux Via RHSA-2021:3147 https://access.redhat.com/errata/RHSA-2021:3147 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3148 https://access.redhat.com/errata/RHSA-2021:3148 |