1. Home
  2. CVE Database
  3. CVE-2018-0764
HIGH · 7.5

CVE-2018-0764

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents ...

Vulnerability Description

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
Microsoft.Net Core1.0
MicrosoftPowershell Core6.0
Microsoft.Net Framework2.0
MicrosoftWindows Server 2008-
MicrosoftWindows 10-
MicrosoftWindows 8.1-
MicrosoftWindows Server 2012-
MicrosoftWindows Server 2016-
MicrosoftWindows 7-
MicrosoftWindows Rt 8.1-

References

FAQ

What is CVE-2018-0764?

CVE-2018-0764 is a vulnerability with a CVSS score of 7.5 (HIGH). Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents ...

How severe is CVE-2018-0764?

CVE-2018-0764 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-0764?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft .Net Core, Microsoft Powershell Core, Microsoft .Net Framework, Microsoft Windows Server 2008, Microsoft Windows 10.