Arch Linux Security Advisory ASA-202106-38 ========================================== Severity: Medium Date : 2021-06-15 CVE-ID : CVE-2021-31957 Package : aspnet-runtime-3.1 Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2047 Summary ======= The package aspnet-runtime-3.1 before version 3.1.16.sdk116-1 is vulnerable to denial of service. Resolution ========== Upgrade to 3.1.16.sdk116-1. # pacman -Syu "aspnet-runtime-3.1>=3.1.16.sdk116-1" The problem has been fixed upstream in version 3.1.16.sdk116. Workaround ========== None. Description =========== A denial of service vulnerability exists in .NET 5.0 before Runtime 5.0.7 and SDK 5.0.204 as well as .NET Core 3.1 before Runtime 3.1.16 and SDK 3.1.116 in ASP.NET. Impact ====== A remote attacker could crash an ASP.NET application. References ========== https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31957 https://github.com/dotnet/announcements/issues/189 https://security.archlinux.org/CVE-2021-31957