CVE-2018-0764

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.

Published: Jan 10, 2018
Updated: May 9, 2024
CVE: CVE-2018-0764
GHSA: GHSA-rr3c-f55v-qhv5
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / .net_core	2.0	2.0.x
microsoft / .net_core	1.0	1.0.x
microsoft / .net_core	1.1	1.1.x
microsoft / powershell_core	6.0	6.0.x
microsoft / .net_framework	2.0-sp2	2.0-sp2.x
microsoft / .net_framework	3.0-sp2	3.0-sp2.x
microsoft / .net_framework	3.5	3.5.x
microsoft / .net_framework	3.5.1	3.5.1.x
microsoft / .net_framework	4.5.2	4.5.2.x
microsoft / .net_framework	4.6	4.6.x
microsoft / .net_framework	4.6.1	4.6.1.x
microsoft / .net_framework	4.6.2	4.6.2.x
microsoft / .net_framework	4.7	4.7.x
microsoft / .net_framework	4.7.1	4.7.1.x
System.Security.Cryptography.Xml	-	4.4.2

Vulnerability Database

CVE-2018-0764