CVE-2020-1108

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.

Published: May 22, 2020
Updated: Oct 16, 2023
CVE: CVE-2020-1108
GHSA: GHSA-3w5p-jhp5-c29q
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / .net_core	2.1	2.1.18.x
microsoft / .net_core	3.0	3.1.4.x
microsoft / .net_framework	2.0-sp2	2.0-sp2.x
microsoft / .net_framework	3.0-sp2	3.0-sp2.x
microsoft / .net_framework	4.6	4.6.x
microsoft / .net_framework	3.5	3.5.x
microsoft / .net_framework	4.5.2	4.5.2.x
microsoft / .net_framework	4.6.1	4.6.1.x
microsoft / .net_framework	4.6.2	4.6.2.x
microsoft / .net_framework	4.7	4.7.x
microsoft / .net_framework	4.7.1	4.7.1.x
microsoft / .net_framework	4.7.2	4.7.2.x
microsoft / .net_framework	4.8	4.8.x
microsoft / .net_framework	3.5.1	3.5.1.x
microsoft / .net_core	2.1	2.1.x
microsoft / visual_studio_2017	15.9	15.9.x
microsoft / visual_studio_2019	16.0	16.0.x
microsoft / .net_core	3.1	3.1.x
microsoft / visual_studio_2019	16.4	16.4.x
microsoft / visual_studio_2019	16.5	16.5.x
microsoft / powershell_core	6.2	6.2.x
microsoft / powershell	7.0	7.0.x
Microsoft.NETCore.App	2.1.0	2.1.18
Microsoft.NETCore.App.Runtime.linux-arm	3.1.0	3.1.4
Microsoft.NETCore.App.Runtime.linux-arm64	3.1.0	3.1.4
Microsoft.NETCore.App.Runtime.linux-musl-arm64	3.1.0	3.1.4
Microsoft.NETCore.App.Runtime.linux-musl-x64	3.1.0	3.1.4
Microsoft.NETCore.App.Runtime.linux-x64	3.1.0	3.1.4
Microsoft.NETCore.App.Runtime.osx-x64	3.1.0	3.1.4
Microsoft.NETCore.App.Runtime.rhel.6-x64	3.1.0	3.1.4
Microsoft.NETCore.App.Runtime.win-arm	3.1.0	3.1.4
Microsoft.NETCore.App.Runtime.win-arm64	3.1.0	3.1.4
Microsoft.NETCore.App.Runtime.win-x64	3.1.0	3.1.4
Microsoft.NETCore.App.Runtime.win-x86	3.1.0	3.1.4
microsoft / .net	5.0-preview2	5.0-preview2.x
microsoft / .net	5.0-preview3	5.0-preview3.x
microsoft / .net	5.0-preview1	5.0-preview1.x

Vulnerability Database

289,599

CVE-2020-1108