Fedora Account System
Red Hat Associate
Red Hat Customer
If ReadAsync is being cancelled while producer allocates memory using GetMemory subsequent ReadAsync calls would never block even if there is no new data available causing a tight loop. ReadAsync would start blocking again when producer calls FlushAsync. Only consumers that do not observe IsCancelled flag on ReadResult are affected. .NET Core ≤ 4.5.0 are believed to be vulnerable.
Acknowledgments: Name: Microsoft
External Reference: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409
This was shipped and can be closed.