cvelistv5 - cve-2018-8409

CVE-2018-8409 (GCVE-0-2018-8409)

Vulnerability from cvelistv5

Published

2018-09-13 00:00

Modified

2024-08-05 06:54

Severity ?

CWE

Denial of Service

Summary

References

URL

Tags

secure@microsoft.com	http://www.securityfocus.com/bid/105223	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105223	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409	Patch, Vendor Advisory

Impacted products

Vendor

Product

Version

Microsoft

System.IO.Pipelines

Version: System.IO.Pipelines

	Microsoft	.NET Core	Version: 2.1
	Microsoft	ASP.NET Core	Version: 2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:54:36.419Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105223",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105223"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "System.IO.Pipelines",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "System.IO.Pipelines"
            }
          ]
        },
        {
          "product": ".NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            }
          ]
        },
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            }
          ]
        }
      ],
      "datePublic": "2018-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-13T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "105223",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105223"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8409",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "System.IO.Pipelines",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "System.IO.Pipelines"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": ".NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105223",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105223"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8409",
    "datePublished": "2018-09-13T00:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:54:36.419Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-8409\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2018-09-13T00:29:02.037\",\"lastModified\":\"2024-11-21T04:13:46.097\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \\\"System.IO.Pipelines Denial of Service.\\\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) cuando System.IO.Pipelines gestiona incorrectamente las peticiones. Esto tambi\u00e9n se conoce como \\\"System.IO.Pipelines Denial of Service\\\". Esto afecta a .NET Core 2.1, System.IO.Pipelines y ASP.NET Core 2.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.1\",\"versionEndExcluding\":\"2.1.4\",\"matchCriteriaId\":\"71E5B645-6640-4137-A614-50EBC197147B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.1\",\"versionEndExcluding\":\"2.1.4\",\"matchCriteriaId\":\"B7A74034-D194-49D3-B9D6-4C368CFD3522\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.io.pipelines:4.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFC1EF01-8027-4899-B7AF-C399AF3BD8B3\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105223\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105223\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2018-AVI-437

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer un déni de service et une exécution de code à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft .NET Framework 4.7.1/4.7.2
Microsoft	N/A	Microsoft .NET Framework 3.0 Service Pack 2
Microsoft	N/A	Microsoft .NET Framework 3.5
Microsoft	N/A	Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft	N/A	Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2
Microsoft	N/A	Microsoft .NET Framework 2.0 Service Pack 2
Microsoft	N/A	Microsoft .NET Framework 3.5.1
Microsoft	N/A	Microsoft .NET Framework 4.5.2
Microsoft	N/A	Microsoft .NET Framework 4.7.2
Microsoft	N/A	.NET Core 2.1
Microsoft	N/A	Microsoft .NET Framework 4.7/4.7.1/4.7.2
Microsoft	.Net	ASP.NET Core 2.1
Microsoft	N/A	Microsoft .NET Framework 4.6

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 11 septembre 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft .NET Framework 4.7.1/4.7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.0 Service Pack 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 2.0 Service Pack 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 4.5.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 4.7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": ".NET Core 2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 4.7/4.7.1/4.7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ASP.NET Core 2.1",
      "product": {
        "name": ".Net",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-8409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8409"
    },
    {
      "name": "CVE-2018-8421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8421"
    }
  ],
  "initial_release_date": "2018-09-12T00:00:00",
  "last_revision_date": "2018-09-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-437",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-09-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service et une ex\u00e9cution de code \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 11 septembre 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données, une exécution de code à distance, une usurpation d'identité et un contournement de la fonctionnalité de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	ChakraCore
Microsoft	N/A	Microsoft.Data.OData
Microsoft	N/A	System.IO.Pipelines
Microsoft	Azure	C SDK pour Azure IoT
Microsoft	N/A	Microsoft Lync pour Mac 2011

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 11 septembre 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft.Data.OData",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "System.IO.Pipelines",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "C SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync pour Mac 2011",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-8391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8391"
    },
    {
      "name": "CVE-2018-8409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8409"
    },
    {
      "name": "CVE-2018-8479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8479"
    },
    {
      "name": "CVE-2018-8315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8315"
    },
    {
      "name": "CVE-2018-8269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8269"
    },
    {
      "name": "CVE-2018-8456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8456"
    },
    {
      "name": "CVE-2018-8466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8466"
    },
    {
      "name": "CVE-2018-8467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8467"
    },
    {
      "name": "CVE-2018-8459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8459"
    },
    {
      "name": "CVE-2018-8452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8452"
    },
    {
      "name": "CVE-2018-8367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8367"
    },
    {
      "name": "CVE-2018-8465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8465"
    },
    {
      "name": "CVE-2018-8354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8354"
    },
    {
      "name": "CVE-2018-8474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8474"
    }
  ],
  "initial_release_date": "2018-09-12T00:00:00",
  "last_revision_date": "2018-09-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-438",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-09-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance, une\nusurpation d\u0027identit\u00e9 et un contournement de la fonctionnalit\u00e9 de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 11 septembre 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

cnvd-2019-00352

Vulnerability from cnvd

Title

Microsoft .NET Core、ASP.NET Core和System.IO.Pipelines拒绝服务漏洞

Description

Microsoft .NET Core、ASP.NET Core和System.IO.Pipelines都是美国微软（Microsoft）公司的产品。Microsoft .NET Core是一套免费的开源开发平台。该平台具有多语言支持和跨平台等特点。ASP.NET Core一个跨平台开源框架。该框架用于构建Web应用、物联网应用和移动后端等基于云的应用程序。System.IO.Pipelines是一个用于在.NET中执行高性能IO的库。 Microsoft .NET Core 2.1版本、ASP.NET Core 2.1版本和System.IO.Pipelines中存在拒绝服务漏洞。远程攻击者可通过向应用程序提交特制的请求利用该漏洞造成拒绝服务。

Severity

中

Patch Name

Microsoft .NET Core、ASP.NET Core和System.IO.Pipelines拒绝服务漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409

Reference

https://www.securityfocus.com/bid/105223 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8409

Impacted products

Name
['Microsoft .NET Core 2.1', 'Microsoft ASP.NET Core 2.1', 'Microsoft System.IO.Pipelines']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "105223"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8409"
    }
  },
  "description": "Microsoft .NET Core\u3001ASP.NET Core\u548cSystem.IO.Pipelines\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Microsoft .NET Core\u662f\u4e00\u5957\u514d\u8d39\u7684\u5f00\u6e90\u5f00\u53d1\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5177\u6709\u591a\u8bed\u8a00\u652f\u6301\u548c\u8de8\u5e73\u53f0\u7b49\u7279\u70b9\u3002ASP.NET Core\u4e00\u4e2a\u8de8\u5e73\u53f0\u5f00\u6e90\u6846\u67b6\u3002\u8be5\u6846\u67b6\u7528\u4e8e\u6784\u5efaWeb\u5e94\u7528\u3001\u7269\u8054\u7f51\u5e94\u7528\u548c\u79fb\u52a8\u540e\u7aef\u7b49\u57fa\u4e8e\u4e91\u7684\u5e94\u7528\u7a0b\u5e8f\u3002System.IO.Pipelines\u662f\u4e00\u4e2a\u7528\u4e8e\u5728.NET\u4e2d\u6267\u884c\u9ad8\u6027\u80fdIO\u7684\u5e93\u3002\n\nMicrosoft .NET Core 2.1\u7248\u672c\u3001ASP.NET Core 2.1\u7248\u672c\u548cSystem.IO.Pipelines\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u5e94\u7528\u7a0b\u5e8f\u63d0\u4ea4\u7279\u5236\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Microsoft",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-00352",
  "openTime": "2019-01-04",
  "patchDescription": "Microsoft .NET Core\u3001ASP.NET Core\u548cSystem.IO.Pipelines\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Microsoft .NET Core\u662f\u4e00\u5957\u514d\u8d39\u7684\u5f00\u6e90\u5f00\u53d1\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5177\u6709\u591a\u8bed\u8a00\u652f\u6301\u548c\u8de8\u5e73\u53f0\u7b49\u7279\u70b9\u3002ASP.NET Core\u4e00\u4e2a\u8de8\u5e73\u53f0\u5f00\u6e90\u6846\u67b6\u3002\u8be5\u6846\u67b6\u7528\u4e8e\u6784\u5efaWeb\u5e94\u7528\u3001\u7269\u8054\u7f51\u5e94\u7528\u548c\u79fb\u52a8\u540e\u7aef\u7b49\u57fa\u4e8e\u4e91\u7684\u5e94\u7528\u7a0b\u5e8f\u3002System.IO.Pipelines\u662f\u4e00\u4e2a\u7528\u4e8e\u5728.NET\u4e2d\u6267\u884c\u9ad8\u6027\u80fdIO\u7684\u5e93\u3002\r\n\r\nMicrosoft .NET Core 2.1\u7248\u672c\u3001ASP.NET Core 2.1\u7248\u672c\u548cSystem.IO.Pipelines\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u5e94\u7528\u7a0b\u5e8f\u63d0\u4ea4\u7279\u5236\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft .NET Core\u3001ASP.NET Core\u548cSystem.IO.Pipelines\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft .NET Core 2.1",
      "Microsoft ASP.NET Core 2.1",
      "Microsoft System.IO.Pipelines"
    ]
  },
  "referenceLink": "https://www.securityfocus.com/bid/105223\r\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8409",
  "serverity": "\u4e2d",
  "submitTime": "2018-09-12",
  "title": "Microsoft .NET Core\u3001ASP.NET Core\u548cSystem.IO.Pipelines\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

fkie_cve-2018-8409

Vulnerability from fkie_nvd

Published

2018-09-13 00:29

Modified

2024-11-21 04:13

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/105223	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105223	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	.net_core	*
microsoft	asp.net_core	*
microsoft	system.io.pipelines	4.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71E5B645-6640-4137-A614-50EBC197147B",
              "versionEndExcluding": "2.1.4",
              "versionStartIncluding": "2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7A74034-D194-49D3-B9D6-4C368CFD3522",
              "versionEndExcluding": "2.1.4",
              "versionStartIncluding": "2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.io.pipelines:4.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFC1EF01-8027-4899-B7AF-C399AF3BD8B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) cuando System.IO.Pipelines gestiona incorrectamente las peticiones. Esto tambi\u00e9n se conoce como \"System.IO.Pipelines Denial of Service\". Esto afecta a .NET Core 2.1, System.IO.Pipelines y ASP.NET Core 2.1."
    }
  ],
  "id": "CVE-2018-8409",
  "lastModified": "2024-11-21T04:13:46.097",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-13T00:29:02.037",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105223"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2018-8409

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-8409

Aliases

CVE-2018-8409

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-8409",
    "description": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.",
    "id": "GSD-2018-8409"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-8409"
      ],
      "details": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.",
      "id": "GSD-2018-8409",
      "modified": "2023-12-13T01:22:35.012513Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2018-8409",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "System.IO.Pipelines",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "System.IO.Pipelines"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": ".NET Core",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ASP.NET Core",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial of Service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "105223",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105223"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[2.1]",
          "affected_versions": "Version 2.1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2020-08-24",
          "description": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core, System.IO.Pipelines, ASP.NET Core ",
          "fixed_versions": [
            "2.1.1"
          ],
          "identifier": "CVE-2018-8409",
          "identifiers": [
            "CVE-2018-8409"
          ],
          "not_impacted": "All versions before 2.1, all versions after 2.1",
          "package_slug": "nuget/Microsoft.AspNetCore.All",
          "pubdate": "2018-09-13",
          "solution": "Upgrade to version 2.1.1 or above.",
          "title": "Uncontrolled Resource Concumption",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-8409",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409",
            "http://www.securityfocus.com/bid/105223"
          ],
          "uuid": "f493d735-a89d-4bb3-bc9e-a3d2d1681432"
        },
        {
          "affected_range": "[2.1.0,2.1.3]",
          "affected_versions": "All versions starting from 2.1.0 up to 2.1.3",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2021-09-14",
          "description": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.",
          "fixed_versions": [
            "2.1.4"
          ],
          "identifier": "CVE-2018-8409",
          "identifiers": [
            "GHSA-j378-6mmw-hqfr",
            "CVE-2018-8409"
          ],
          "not_impacted": "All versions before 2.1.0, all versions after 2.1.3",
          "package_slug": "nuget/Microsoft.AspNetCore.App",
          "pubdate": "2018-10-16",
          "solution": "Upgrade to version 2.1.4 or above.",
          "title": "Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and System.IO.Pipelines",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-8409",
            "https://github.com/advisories/GHSA-j378-6mmw-hqfr"
          ],
          "uuid": "dff6981f-51b9-4486-8e16-0ad380371d5a"
        },
        {
          "affected_range": "[4.5.0]",
          "affected_versions": "Version 4.5.0",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2021-09-14",
          "description": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.",
          "fixed_versions": [
            "4.5.1"
          ],
          "identifier": "CVE-2018-8409",
          "identifiers": [
            "GHSA-j378-6mmw-hqfr",
            "CVE-2018-8409"
          ],
          "not_impacted": "All versions before 4.5.0, all versions after 4.5.0",
          "package_slug": "nuget/System.IO.Pipelines",
          "pubdate": "2018-10-16",
          "solution": "Upgrade to version 4.5.1 or above.",
          "title": "Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and System.IO.Pipelines",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-8409",
            "https://github.com/advisories/GHSA-j378-6mmw-hqfr"
          ],
          "uuid": "48fdf265-4d02-4711-9fee-7def7830b91c"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.1.4",
                "versionStartIncluding": "2.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.1.4",
                "versionStartIncluding": "2.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:system.io.pipelines:4.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8409"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409"
            },
            {
              "name": "105223",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105223"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-10-04T17:54Z",
      "publishedDate": "2018-09-13T00:29Z"
    }
  }
}

var-201809-1040

Vulnerability from variot

A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1. The vendor System.IO.Pipelines As a "denial of service".Service operation interruption (DoS) There is a possibility of being put into a state. Microsoft .NET Core is a free and open source development platform. The platform has features such as multi-language support and cross-platform. ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. System.IO.Pipelines is a library for performing high-performance IO in .NET. A remote attacker can use this vulnerability to cause a denial of service by submitting a specially crafted request to the application

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201809-1040",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.3,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 2.3,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "system.io.pipelines",
        "scope": null,
        "trust": 1.4,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": ".net core",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1.4"
      },
      {
        "model": "system.io.pipelines",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.5.0"
      },
      {
        "model": "asp.net core",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1.4"
      },
      {
        "model": ".net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "system.io.pipelines",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "system.io.pipelines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      },
      {
        "db": "BID",
        "id": "105223"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8409"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:system.io.pipelines",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "105223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2018-8409",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-8409",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-00352",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-8409",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-8409",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-8409",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-8409",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-00352",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201809-539",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8409"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1. The vendor System.IO.Pipelines As a \"denial of service\".Service operation interruption (DoS) There is a possibility of being put into a state. Microsoft .NET Core is a free and open source development platform. The platform has features such as multi-language support and cross-platform. ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. System.IO.Pipelines is a library for performing high-performance IO in .NET. A remote attacker can use this vulnerability to cause a denial of service by submitting a specially crafted request to the application",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-8409"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      },
      {
        "db": "BID",
        "id": "105223"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-8409",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "105223",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      },
      {
        "db": "BID",
        "id": "105223"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8409"
      }
    ]
  },
  "id": "VAR-201809-1040",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      }
    ],
    "trust": 0.99586466
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:06:36.540000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-8409 | System.IO.Pipelines Denial of Service",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8409"
      },
      {
        "title": "CVE-2018-8409 | System.IO.Pipelines \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-8409"
      },
      {
        "title": "Patch for Microsoft .NET Core, ASP.NET Core, and System.IO.Pipelines Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/148781"
      },
      {
        "title": "Microsoft .NET Core , ASP.NET Core  and System.IO.Pipelines Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84810"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8409"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/105223"
      },
      {
        "trust": 1.9,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8409"
      },
      {
        "trust": 1.4,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8409"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20180912-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180038.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8409"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      },
      {
        "db": "BID",
        "id": "105223"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8409"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      },
      {
        "db": "BID",
        "id": "105223"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8409"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      },
      {
        "date": "2018-09-11T00:00:00",
        "db": "BID",
        "id": "105223"
      },
      {
        "date": "2018-11-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "date": "2018-09-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      },
      {
        "date": "2018-09-13T00:29:02.037000",
        "db": "NVD",
        "id": "CVE-2018-8409"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      },
      {
        "date": "2018-09-11T00:00:00",
        "db": "BID",
        "id": "105223"
      },
      {
        "date": "2018-11-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "date": "2020-10-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      },
      {
        "date": "2024-11-21T04:13:46.097000",
        "db": "NVD",
        "id": "CVE-2018-8409"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Microsoft Service disruption in products  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      }
    ],
    "trust": 0.6
  }
}

ghsa-j378-6mmw-hqfr

Vulnerability from github

Published

2018-10-16 19:56

Modified

2022-10-26 18:56

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Denial of service vulnerability exists when System.IO.Pipelines improperly handles requests

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.1.3"
      },
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.All"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.1.3"
      },
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.IO.Pipelines"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.5.0"
            },
            {
              "fixed": "4.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.5.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2018-8409"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:41:41Z",
    "nvd_published_at": "2018-09-13T00:29:00Z",
    "severity": "HIGH"
  },
  "details": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.",
  "id": "GHSA-j378-6mmw-hqfr",
  "modified": "2022-10-26T18:56:19Z",
  "published": "2018-10-16T19:56:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8409"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-j378-6mmw-hqfr"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105223"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Denial of service vulnerability exists when System.IO.Pipelines improperly handles requests"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-8409 (GCVE-0-2018-8409)

Vulnerability from cvelistv5

CERTFR-2018-AVI-437

Vulnerability from certfr_avis

Solution

CERTFR-2018-AVI-438

Vulnerability from certfr_avis

Solution

cnvd-2019-00352

Vulnerability from cnvd

fkie_cve-2018-8409

Vulnerability from fkie_nvd

gsd-2018-8409

Vulnerability from gsd

var-201809-1040

Vulnerability from variot

ghsa-j378-6mmw-hqfr

Vulnerability from github

Tags

Sightings

Nomenclature