Subject: [ASA-202106-37] aspnet-runtime: denial of service Arch Linux Security Advisory ASA-202106-37 ========================================== Severity: Medium Date : 2021-06-15 CVE-ID : CVE-2021-31957 Package : aspnet-runtime Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2046 Summary ======= The package aspnet-runtime before version 5.0.7.sdk204-1 is vulnerable to denial of service. Resolution ========== Upgrade to 5.0.7.sdk204-1. # pacman -Syu "aspnet-runtime>=5.0.7.sdk204-1" The problem has been fixed upstream in version 5.0.7.sdk204. Workaround ========== None. Description =========== A denial of service vulnerability exists in .NET 5.0 before Runtime 5.0.7 and SDK 5.0.204 as well as .NET Core 3.1 before Runtime 3.1.16 and SDK 3.1.116 in ASP.NET. Impact ====== A remote attacker could crash an ASP.NET application. References ========== https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31957 https://github.com/dotnet/announcements/issues/189 https://security.archlinux.org/CVE-2021-31957