Bug 1789623 (CVE-2020-0602) - CVE-2020-0602 dotnet: Denial of service via backpressure issue
Summary: CVE-2020-0602 dotnet: Denial of service via backpressure issue
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-0602
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1789893 1789895 1789974 1790016 1790851 1790854 1790856 1790858 1794437
Blocks: 1789627
TreeView+ depends on / blocked
 
Reported: 2020-01-09 22:42 UTC by Pedro Sampaio
Modified: 2022-11-14 09:37 UTC (History)
8 users (show)

Fixed In Version: aspnet core 3.0.1, aspnet core 3.1.1
Clone Of:
Environment:
Last Closed: 2020-01-16 20:09:43 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:0137 0 None None None 2020-01-17 15:01:58 UTC
Red Hat Product Errata RHBA-2020:0138 0 None None None 2020-01-17 15:04:25 UTC
Red Hat Product Errata RHBA-2020:0143 0 None None None 2020-01-21 02:19:31 UTC
Red Hat Product Errata RHBA-2020:0148 0 None None None 2020-01-21 02:19:05 UTC
Red Hat Product Errata RHSA-2020:0130 0 None None None 2020-01-16 14:58:29 UTC
Red Hat Product Errata RHSA-2020:0134 0 None None None 2020-01-16 16:32:26 UTC

Comment 5 Stefan Cornelius 2020-01-14 19:17:45 UTC 
A vulnerability related to the processing of web requests has been reported in ASP.NET Core. An unauthenticated remote attacker could exploit this vulnerability to cause a Denial of Service by sending specially crafted requests to an ASP.NET Core application.
Comment 6 Stefan Cornelius 2020-01-14 19:17:47 UTC 
External References:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602
https://github.com/aspnet/Announcements/issues/402
Comment 7 errata-xmlrpc 2020-01-16 14:58:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0130 https://access.redhat.com/errata/RHSA-2020:0130
Comment 8 errata-xmlrpc 2020-01-16 16:32:25 UTC 
This issue has been addressed in the following products:

  .NET Core on Red Hat Enterprise Linux

Via RHSA-2020:0134 https://access.redhat.com/errata/RHSA-2020:0134
Comment 9 Product Security DevOps Team 2020-01-16 20:09:43 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-0602
Note You need to log in before you can comment on or make changes to this bug.