Bug 1827643 (CVE-2020-1108) - CVE-2020-1108 dotnet: Denial of service via untrusted input
Status: CLOSED ERRATA
Alias: CVE-2020-1108
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1828624 1829418 1829419 1834957 1834958 1835185 1835188
Blocks: 1827646
 
Reported: 2020-04-24 12:28 UTC by Dhananjay Arunesh
Modified: 2021-02-16 20:13 UTC

Fixed In Version: dotnet sdk 3.1.105, dotnet runtime 3.1.5, dotnet sdk 2.1.515, dotnet runtime 2.1.19
Last Closed: 2020-05-13 16:31:46 UTC

Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2020:2247 | 0 | None | None | None | 2020-05-21 15:24:42 UTC
Red Hat Product Errata | RHBA-2020:2545 | 0 | None | None | None | 2020-06-15 09:34:29 UTC
Red Hat Product Errata | RHBA-2020:2546 | 0 | None | None | None | 2020-06-15 11:19:07 UTC
Red Hat Product Errata | RHBA-2020:2559 | 0 | None | None | None | 2020-06-15 18:47:14 UTC
Red Hat Product Errata | RHBA-2020:2624 | 0 | None | None | None | 2020-06-19 01:51:02 UTC
Red Hat Product Errata | RHBA-2020:2889 | 0 | None | None | None | 2020-07-09 15:05:36 UTC
Red Hat Product Errata | RHSA-2020:2143 | 0 | None | None | None | 2020-05-13 15:51:38 UTC
Red Hat Product Errata | RHSA-2020:2146 | 0 | None | None | None | 2020-05-13 17:09:41 UTC
Red Hat Product Errata | RHSA-2020:2249 | 0 | None | None | None | 2020-05-21 15:35:04 UTC
Red Hat Product Errata | RHSA-2020:2250 | 0 | None | None | None | 2020-05-21 16:19:01 UTC
Red Hat Product Errata | RHSA-2020:2450 | 0 | None | None | None | 2020-06-09 21:29:53 UTC
Red Hat Product Errata | RHSA-2020:2471 | 0 | None | None | None | 2020-06-10 09:46:01 UTC
Red Hat Product Errata | RHSA-2020:2475 | 0 | None | None | None | 2020-06-10 09:59:00 UTC
Red Hat Product Errata | RHSA-2020:2476 | 0 | None | None | None | 2020-06-10 09:40:32 UTC

Description Dhananjay Arunesh 2020-04-24 12:28:40 UTC
A vulnerability related to handling web requests has been reported in .NET Core and .NET Framework. A remote, unauthenticated attacker can exploit this vulnerability to cause a Denial of Service by sending specially crafted requests to a .NET Core or .NET Framework application.

Comment 8 Todd Cullum 2020-04-30 01:20:42 UTC
Acknowledgments:

Name: Microsoft

Comment 9 Stefan Cornelius 2020-05-12 17:05:28 UTC
External References:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108

Comment 12 errata-xmlrpc 2020-05-13 15:51:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2143 https://access.redhat.com/errata/RHSA-2020:2143

Comment 13 Product Security DevOps Team 2020-05-13 16:31:46 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-1108

Comment 14 errata-xmlrpc 2020-05-13 17:09:39 UTC
This issue has been addressed in the following products:

  .NET Core on Red Hat Enterprise Linux

Via RHSA-2020:2146 https://access.redhat.com/errata/RHSA-2020:2146

Comment 15 errata-xmlrpc 2020-05-21 15:35:02 UTC
This issue has been addressed in the following products:

  .NET Core on Red Hat Enterprise Linux

Via RHSA-2020:2249 https://access.redhat.com/errata/RHSA-2020:2249

Comment 16 errata-xmlrpc 2020-05-21 16:17:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2250 https://access.redhat.com/errata/RHSA-2020:2250

Comment 17 Stefan Cornelius 2020-06-09 18:52:21 UTC
The fixes released as part of the May 2020 Patch Tuesday were incomplete. Additional updates to comprehensively address this issue were released as part of the June 2020 Patch Tuesday.
https://github.com/dotnet/announcements/issues/157

Comment 18 errata-xmlrpc 2020-06-09 21:29:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2450 https://access.redhat.com/errata/RHSA-2020:2450

Comment 19 errata-xmlrpc 2020-06-10 09:40:28 UTC
This issue has been addressed in the following products:

  .NET Core on Red Hat Enterprise Linux

Via RHSA-2020:2476 https://access.redhat.com/errata/RHSA-2020:2476

Comment 20 errata-xmlrpc 2020-06-10 09:45:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2471 https://access.redhat.com/errata/RHSA-2020:2471

Comment 21 errata-xmlrpc 2020-06-10 09:58:55 UTC
This issue has been addressed in the following products:

  .NET Core on Red Hat Enterprise Linux

Via RHSA-2020:2475 https://access.redhat.com/errata/RHSA-2020:2475

