CVE-2018-0764

Description

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.

Related CPE's

amicrosoft.net_core2.0*******

amicrosoft.net_core1.0*******

amicrosoft.net_core1.1*******

amicrosoftpowershell_core6.0*******

amicrosoft.net_framework2.0sp2******

amicrosoft.net_framework3.0sp2******

omicrosoftwindows_server_2008-sp2******

amicrosoft.net_framework3.5*******

omicrosoftwindows_server_2012r2*******

omicrosoftwindows_101511*******

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764

PatchVendor Advisory

1040152

Third Party AdvisoryVDB Entry

102387

Third Party AdvisoryVDB Entry

RHSA-2018:0379

Third Party Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

NONE

PrivilegesRequired

NONE

BaseScore

7.5

VectorString

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Version

3.0

UserInteraction

NONE

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:N/I:N/A:P

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

NONE

AvailabilityImpact

PARTIAL

BaseScore

5

Created by Yello
About Severity.io