{"containers": {"cna": {"title": ".NET Core and Visual Studio Denial of Service Vulnerability", "datePublic": "2021-08-10T07:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", "cpes": ["cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "15.9.0", "lessThan": "15.9.38", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "cpes": ["cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "16.0", "lessThan": "16.4.25", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)", "cpes": ["cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "16.0.0", "lessThan": "16.7.18", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", "cpes": ["cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "15.0.0", "lessThan": "16.9.10", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2019 version 16.10 (includes 16.0 - 16.9)", "cpes": ["cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "16.10.0", "lessThan": "16.10.5", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Visual Studio 2019 for Mac version 8.10", "cpes": ["cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*"], "platforms": ["Unknown"], "versions": [{"version": "8.1.0", "lessThan": "8.10.7", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET Core 2.1", "cpes": ["cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "2.1", "lessThan": "2.1.30", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET Core 3.1", "cpes": ["cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "3.1", "lessThan": "3.1.18", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET 5.0", "cpes": ["cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "5.0.0", "lessThan": "5.0.9", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "PowerShell Core 7.1", "cpes": ["cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "7.1.0", "lessThan": "7.1.4", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "PowerShell Core 7.0", "cpes": ["cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "7.0.0", "lessThan": "7.0.7", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": ".NET Core and Visual Studio Denial of Service Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2023-12-28T19:53:54.266Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26423"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:26:25.161Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26423"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2021-26423", "datePublished": "2021-08-12T18:11:31", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-08-03T20:26:25.161Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "matchCriteriaId": "B85CD4C7-D84B-4C54-A604-FC852038A565", "versionEndIncluding": "5.0.8", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB624437-CB1B-46A2-BF75-30035D99D2EF", "versionEndIncluding": "2.1.28", "versionStartIncluding": "2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F344BDC-2929-4CEA-8414-E4D07C1F76F0", "versionEndIncluding": "3.1.17", "versionStartIncluding": "3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE4005F4-89BB-4597-9070-1137B4CEFC9B", "versionEndExcluding": "7.0.7", "versionStartIncluding": "7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "40F33C0C-7AF0-4B48-828C-00534012D728", "versionEndExcluding": "7.1.4", "versionStartIncluding": "7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE03B37D-72FE-4C25-BE62-9C422AEFC80E", "versionEndIncluding": "15.9", "versionStartIncluding": "15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "26472C42-CDB4-4176-B10B-3BF26F5030E3", "versionEndIncluding": "16.10", "versionStartIncluding": "16.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*", "matchCriteriaId": "BA547FFE-D557-4612-9840-EEE88ACF53AA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": ".NET Core and Visual Studio Denial of Service Vulnerability"}, {"lang": "es", "value": "Una Vulnerabilidad de Denegaci\u00f3n de Servicio en .NET Core y Visual Studio"}], "id": "CVE-2021-26423", "lastModified": "2024-11-21T05:56:21.260", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secure@microsoft.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2021-08-12T18:15:08.537", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26423"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26423"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:3143", "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7", "package": "rh-dotnet31-dotnet-0:3.1.118-1.el7_9", "product_name": ".NET Core on Red Hat Enterprise Linux", "release_date": "2021-08-11T00:00:00Z"}, {"advisory": "RHSA-2021:3147", "cpe": "cpe:/a:redhat:rhel_dotnet:5.0::el7", "package": "rh-dotnet50-dotnet-0:5.0.206-1.el7_9", "product_name": ".NET Core on Red Hat Enterprise Linux", "release_date": "2021-08-12T00:00:00Z"}, {"advisory": "RHSA-2021:3142", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet3.1-0:3.1.118-1.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-08-11T00:00:00Z"}, {"advisory": "RHSA-2021:3148", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet5.0-0:5.0.206-1.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-08-12T00:00:00Z"}], "bugzilla": {"description": "dotnet: ASP.NET Core WebSocket frame processing DoS", "id": "1990295", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990295"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-835", "details": [".NET Core and Visual Studio Denial of Service Vulnerability", "An infinite loop error was found in ASP.NET when processing WebSocket frames. The exploitation of this issue can cause high CPU resource consumption. The highest threat from this vulnerability is to system availability."], "name": "CVE-2021-26423", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:2.1", "fix_state": "Not affected", "package_name": "rh-dotnet21", "product_name": ".NET Core 2.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "dotnet", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2021-08-10T17:05:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-26423\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-26423\nhttps://github.com/dotnet/announcements/issues/194\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26423"], "threat_severity": "Important"}

{}