Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core

Microsoft is aware of a denial of service vulnerability in ASP.NET Core when a malformed request is terminated. An attacker who successfully exploited this vulnerability could cause a denial of service attack.

The update addresses the vulnerability by correcting how ASP.NET Core handles such requests.

Published: Oct 16, 2018
Updated: Apr 14, 2023
GHSA: GHSA-cgpw-2gph-2r9g
Severity: Medium
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
Microsoft.AspNetCore.Server.Kestrel.Core	2.0.0	2.0.4
Microsoft.AspNetCore.All	2.0.0	2.0.9
Microsoft.AspNetCore.App	2.1.0	2.1.2
Microsoft.AspNetCore.Server.Kestrel.Core	2.1.0	2.1.2
Microsoft.AspNetCore.All	2.1.0	2.1.2

https://github.com/aspnet/Announcements/issues/311

Vulnerability Database

289,599

Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core