{"containers": {"cna": {"affected": [{"product": "ASP.NET Core", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "2.1"}, {"status": "affected", "version": "3.0"}, {"status": "affected", "version": "3.1"}]}], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'."}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-16T19:06:09", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"}, {"name": "RHSA-2020:0130", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0130"}, {"name": "RHSA-2020:0134", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0134"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-0603", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ASP.NET Core", "version": {"version_data": [{"version_value": "2.1"}, {"version_value": "3.0"}, {"version_value": "3.1"}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Code Execution"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"}, {"name": "RHSA-2020:0130", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0130"}, {"name": "RHSA-2020:0134", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0134"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:11:04.603Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"}, {"name": "RHSA-2020:0130", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0130"}, {"name": "RHSA-2020:0134", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0134"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-0603", "datePublished": "2020-01-14T23:11:21", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:11:04.603Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "19C3047E-C222-4636-B1B3-722F2C65BC99", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E4319AB8-5013-46B4-8E3C-6FDCFC65FC7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5FE4072E-3226-435C-BC61-A775D3EF2822", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en el software ASP.NET Core cuando el software presenta un fallo al manejar los objetos en memoria. Un atacante que explot\u00f3 con \u00e9xito la vulnerabilidad podr\u00eda ejecutar c\u00f3digo arbitrario en el contexto del usuario actual, tambi\u00e9n se conoce como \"ASP.NET Core Remote Code Execution Vulnerability\"."}], "id": "CVE-2020-0603", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-14T23:15:30.347", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0130"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0134"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:0134", "cpe": "cpe:/a:redhat:rhel_dotnet:3.0::el7", "package": "rh-dotnet30-dotnet-0:3.0.102-3.el7", "product_name": ".NET Core on Red Hat Enterprise Linux", "release_date": "2020-01-16T00:00:00Z"}, {"advisory": "RHSA-2020:0134", "cpe": "cpe:/a:redhat:rhel_dotnet:3.0::el7", "package": "rh-dotnet31-dotnet-0:3.1.101-4.el7", "product_name": ".NET Core on Red Hat Enterprise Linux", "release_date": "2020-01-16T00:00:00Z"}, {"advisory": "RHSA-2020:0134", "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7", "package": "rh-dotnet30-dotnet-0:3.0.102-3.el7", "product_name": ".NET Core on Red Hat Enterprise Linux", "release_date": "2020-01-16T00:00:00Z"}, {"advisory": "RHSA-2020:0134", "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7", "package": "rh-dotnet31-dotnet-0:3.1.101-4.el7", "product_name": ".NET Core on Red Hat Enterprise Linux", "release_date": "2020-01-16T00:00:00Z"}, {"advisory": "RHSA-2020:0130", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet3.0-0:3.0.102-2.el8_1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-01-16T00:00:00Z"}], "bugzilla": {"description": "dotnet: Memory Corruption in SignalR", "id": "1789624", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789624"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-119", "details": ["A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.", "A memory corruption flaw was found in ASP.NET core. A client can write to freed memory on the server which could result in undefined behavior. An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code by sending specially crafted requests to an ASP.NET Core application."], "name": "CVE-2020-0603", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:2.1", "fix_state": "Not affected", "package_name": "rh-dotnet21", "product_name": ".NET Core 2.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:2.2", "fix_state": "Not affected", "package_name": "rh-dotnet22", "product_name": ".NET Core 2.2 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "dotnet", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "dotnet3.1", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2020-01-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-0603\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0603\nhttps://github.com/aspnet/Announcements/issues/403\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"], "threat_severity": "Critical", "upstream_fix": "aspnet core 3.0.1, aspnet core 3.1.1"}