CVE-2021-26701 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | A remote code execution vulnerability exists in .NET 5.0 before Runtime 5.0.4 and SDK 5.0.104 as well as .NET Core 3.1 before Runtime 3.1.13 and SDK 3.1.113 due to how text encoding is performed in the System.Text.Encodings.Web package, caused by a buffer overrun. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1701 | dotnet-runtime-3.1, dotnet-sdk-3.1 | 3.1.12.sdk112-3 | 3.1.13.sdk113-1 | High | Fixed | |
| AVG-1698 | dotnet-runtime, dotnet-sdk | 5.0.3.sdk103-2 | 5.0.4.sdk104-1 | High | Fixed | FS#69317 |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 25 Mar 2021 | ASA-202103-23 | AVG-1701 | dotnet-sdk-3.1 | High | arbitrary code execution |
| 25 Mar 2021 | ASA-202103-22 | AVG-1701 | dotnet-runtime-3.1 | High | arbitrary code execution |
| 25 Mar 2021 | ASA-202103-21 | AVG-1698 | dotnet-sdk | High | arbitrary code execution |
| 25 Mar 2021 | ASA-202103-20 | AVG-1698 | dotnet-runtime | High | arbitrary code execution |
| References |
|---|
https://msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26701 https://github.com/dotnet/announcements/issues/178 |