Denial of Service (DoS)

Affecting microsoft.netcore.app package, versions [2.2.0,2.2.1) || [2.1.0,2.1.7)

Overview

Microsoft.NETCore.App is a set of .NET APIs that are included in the default .NET Core application model.

Affected versions of this package are vulnerable to Denial of Service (DoS). An unauthenticated attacker can cause a denial of service remotely by issuing specially crafted requests to the .NET Core application. This is caused by improper handling of a web request in ASP.NET Core. This CVE ID is unique from CVE-2019-0548.

Remediation

Upgrade Microsoft.NETCore.App to version 2.2.1, 2.1.7 or higher.
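A way to check hosts against the affected range above, as an added example that is not part of the original advisory: it evaluates the advisory's interval notation against the runtimes listed by `dotnet --list-runtimes`. The function names and the sample output are constructed for illustration.

```python
import re

# Affected range exactly as the advisory states it (NuGet interval notation).
AFFECTED = "[2.2.0,2.2.1) || [2.1.0,2.1.7)"

def parse_version(text):
    # Assumption: prerelease tags ("-preview3") are ignored, so such builds are
    # judged by their numeric version, which errs on the side of flagging them.
    core = text.strip().split("-")[0]
    nums = [int(p) for p in core.split(".")]
    return tuple(nums + [0] * (3 - len(nums)))

def in_interval(version, interval):
    """Evaluate one interval: '[' and ']' are inclusive, '(' and ')' exclusive."""
    m = re.fullmatch(r"\s*([\[(])\s*([^,\s]*)\s*,\s*([^\])\s]*)\s*([\])])\s*", interval)
    if not m:
        raise ValueError(f"unsupported interval: {interval!r}")
    lo_br, lo, hi, hi_br = m.groups()
    v = parse_version(version)
    if lo and (v < parse_version(lo) or (v == parse_version(lo) and lo_br == "(")):
        return False
    if hi and (v > parse_version(hi) or (v == parse_version(hi) and hi_br == ")")):
        return False
    return True

def is_affected(version, spec=AFFECTED):
    # "||" separates alternative intervals; matching any one is enough.
    return any(in_interval(version, part) for part in spec.split("||"))

def affected_runtimes(list_runtimes_output, package="Microsoft.NETCore.App"):
    """Return affected versions of `package` found in `dotnet --list-runtimes` output."""
    hits = []
    for line in list_runtimes_output.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == package and is_affected(fields[1]):
            hits.append(fields[1])
    return hits

# Constructed sample in the format printed by `dotnet --list-runtimes`.
SAMPLE = """\
Microsoft.AspNetCore.App 2.1.6 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 2.0.9 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 2.1.6 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 2.1.7 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 2.2.0 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 2.2.1 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
"""

if __name__ == "__main__":
    print(affected_runtimes(SAMPLE))
```

The upper bounds are exclusive, so the fixed releases 2.1.7 and 2.2.1 are not flagged.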

CVSS Score

5.9 (medium severity)

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:O

Credit: Barry Dorrans
CVE: CVE-2019-0564
CWE: CWE-400
Snyk ID: SNYK-DOTNET-MICROSOFTNETCOREAPP-72895
Disclosed: 08 Jan, 2019
Published: 10 Jan, 2019