AVG-1449 log
| Package | dotnet-runtime, dotnet-sdk |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 3.1.8.sdk108-1 |
| Fixed | 5.0.3.sdk103-2 |
| Current | 9.0.7.sdk108-1 [extra] |
| Ticket | FS#69317 |
| Created | Wed Jan 13 21:42:32 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-24112 | High | No | Arbitrary code execution | A remote code execution vulnerability exists in dotnet-core before version 3.1.12 when parsing certain types of graphics files. This vulnerability only... |
| CVE-2021-1723 | Medium | Yes | Denial of service | A flaw was found in dotnet-core before version 3.1.11. Running callbacks outside of locks results in Krestel deadlock using HTTP2. |
| CVE-2021-1721 | Medium | Yes | Denial of service | A security issue was found in dotnet-core before version 3.1.12. A denial-of-service vulnerability exists when creating HTTPS web request during X509... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 25 Mar 2021 | ASA-202103-17 | dotnet-sdk | multiple issues |
| 25 Mar 2021 | ASA-202103-16 | dotnet-runtime | multiple issues |