Skip to content

.NET Core Denial of Service Vulnerability

High
rbhanda published GHSA-rh58-r7jh-xhx3 Aug 10, 2021

Package

No package listed

Affected versions

<2.1.29, < 3.1.18, <5.0.9

Patched versions

2.1.29, 3.1.18, 5.0.9

Description

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A denial of service vulnerability exists in .NET 5.0, .NET Core 3.1 and .NET Core 2.1 where .NET (Core) server applications providing WebSocket endpoints could be tricked into endlessly looping while trying to read a single WebSocket frame.

Patches

Other Details

Severity

High

CVE ID

CVE-2021-26423

Weaknesses

No CWEs