CVE-2021-26423 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Denial of service |
Description | A denial of service vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK 3.1.118 where .NET (Core) server applications providing WebSocket endpoints could be tricked into endlessly looping while trying to read a single WebSocket frame. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-2278 | dotnet-runtime-3.1, dotnet-sdk-3.1 | 3.1.17.sdk117-1 | 3.1.20.sdk120-1 | Medium | Fixed | |
AVG-2277 | dotnet-runtime, dotnet-sdk | 5.0.8.sdk205-1 | 6.0.0.sdk100-1 | Medium | Fixed |
References |
---|
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26423 https://github.com/dotnet/announcements/issues/194 |