CVE-2018-0764
Description
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A denial of service vulnerability in .NET Framework and .NET Core allows an attacker to cause a denial of service by sending specially crafted XML documents.
Vulnerability
Microsoft .NET Framework versions 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 5.7 (likely 4.7.1) and .NET Core versions 1.0, 1.1, and 2.0 are affected by a denial of service vulnerability due to improper processing of XML documents [1][2][3]. The vulnerability is tracked as CVE-2018-0764.
Exploitation
An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted XML document to an affected .NET or .NET Core application [2]. No user interaction is required.
Impact
Successful exploitation causes the application to become unresponsive, resulting in a denial of service condition. There is no impact to data integrity or confidentiality [2].
Mitigation
Microsoft has released security updates for all affected .NET Framework and .NET Core versions. Red Hat provided errata RHSA-2018:0379 for .NET Core on Red Hat Enterprise Linux [1]. For the NuGet package System.Security.Cryptography.Xml, versions prior to 4.4.2 are affected; upgrade to 4.4.2 or later [3]. Apply the latest patches to mitigate this vulnerability.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
System.Security.Cryptography.XmlNuGet | < 4.4.2 | 4.4.2 |
Affected products
2- Microsoft Corporation/.NET Framework and .NET Corev5Range: Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- access.redhat.com/errata/RHSA-2018:0379ghsavendor-advisoryx_refsource_REDHATWEB
- github.com/advisories/GHSA-rr3c-f55v-qhv5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-0764ghsaADVISORY
- www.securityfocus.com/bid/102387ghsavdb-entryx_refsource_BIDWEB
- www.securitytracker.com/id/1040152ghsavdb-entryx_refsource_SECTRACKWEB
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.