Vulnerability Description
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | .Net Core | 2.0 |
| Microsoft | .Net Framework | 2.0 |
| Microsoft | Windows Server 2008 | All versions |
| Microsoft | Windows 10 | - |
| Microsoft | Windows 8.1 | All versions |
| Microsoft | Windows Server 2012 | All versions |
| Microsoft | Windows Server 2016 | - |
| Microsoft | Windows 7 | - |
| Microsoft | Windows Rt 8.1 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104060Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040851Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765PatchVendor Advisory
- http://www.securityfocus.com/bid/104060Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040851Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765PatchVendor Advisory
FAQ
What is CVE-2018-0765?
CVE-2018-0765 is a vulnerability with a CVSS score of 7.5 (HIGH). A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, ...
How severe is CVE-2018-0765?
CVE-2018-0765 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0765?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft .Net Core, Microsoft .Net Framework, Microsoft Windows Server 2008, Microsoft Windows 10, Microsoft Windows 8.1.