CVE-2018-8356
Description
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
System.Private.ServiceModelNuGet | >= 4.0.0, < 4.1.3 | 4.1.3 |
System.Private.ServiceModelNuGet | >= 4.3.0, < 4.3.3 | 4.3.3 |
System.Private.ServiceModelNuGet | >= 4.4.0, < 4.4.4 | 4.4.4 |
System.Private.ServiceModelNuGet | >= 4.5.0, < 4.5.3 | 4.5.3 |
System.ServiceModel.DuplexNuGet | >= 4.3.0, < 4.3.3 | 4.3.3 |
System.ServiceModel.DuplexNuGet | >= 4.4.0, < 4.4.4 | 4.4.4 |
System.ServiceModel.DuplexNuGet | >= 4.5.0, < 4.5.3 | 4.5.3 |
System.ServiceModel.DuplexNuGet | >= 4.0.0, < 4.0.4 | 4.0.4 |
System.ServiceModel.HttpNuGet | >= 4.3.0, < 4.3.3 | 4.3.3 |
System.ServiceModel.HttpNuGet | >= 4.4.0, < 4.4.4 | 4.4.4 |
System.ServiceModel.HttpNuGet | >= 4.5.0, < 4.5.3 | 4.5.3 |
System.ServiceModel.HttpNuGet | >= 4.0.0, < 4.1.3 | 4.1.3 |
System.ServiceModel.NetTcpNuGet | >= 4.3.0, < 4.3.3 | 4.3.3 |
System.ServiceModel.NetTcpNuGet | >= 4.4.0, < 4.4.4 | 4.4.4 |
System.ServiceModel.NetTcpNuGet | >= 4.5.0, < 4.5.3 | 4.5.3 |
System.ServiceModel.NetTcpNuGet | >= 4.0.0, < 4.1.3 | 4.1.3 |
System.ServiceModel.PrimitivesNuGet | >= 4.3.0, < 4.3.3 | 4.3.3 |
System.ServiceModel.PrimitivesNuGet | >= 4.4.0, < 4.4.4 | 4.4.4 |
System.ServiceModel.PrimitivesNuGet | >= 4.5.0, < 4.5.3 | 4.5.3 |
System.ServiceModel.PrimitivesNuGet | >= 4.0.0, < 4.1.3 | 4.1.3 |
System.ServiceModel.SecurityNuGet | >= 4.3.0, < 4.3.3 | 4.3.3 |
System.ServiceModel.SecurityNuGet | >= 4.4.0, < 4.4.4 | 4.4.4 |
System.ServiceModel.SecurityNuGet | >= 4.5.0, < 4.5.3 | 4.5.3 |
System.ServiceModel.SecurityNuGet | >= 4.0.0, < 4.0.4 | 4.0.4 |
Affected products
10- ghsa-coords6 versionspkg:nuget/system.private.servicemodelpkg:nuget/system.servicemodel.duplexpkg:nuget/system.servicemodel.httppkg:nuget/system.servicemodel.nettcppkg:nuget/system.servicemodel.primitivespkg:nuget/system.servicemodel.security
>= 4.0.0, < 4.1.3+ 5 more
- (no CPE)range: >= 4.0.0, < 4.1.3
- (no CPE)range: >= 4.3.0, < 4.3.3
- (no CPE)range: >= 4.3.0, < 4.3.3
- (no CPE)range: >= 4.3.0, < 4.3.3
- (no CPE)range: >= 4.3.0, < 4.3.3
- (no CPE)range: >= 4.3.0, < 4.3.3
- Range: 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2
- Range: 1.0
- Range: 4.7.2 Developer Pack
Patches
Vulnerability mechanics
References
7- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356nvdPatchVendor AdvisoryWEB
- www.securityfocus.com/bid/104664nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1041257nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-p9wx-v264-q34pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-8356ghsaADVISORY
- github.com/dotnet/announcements/issues/73ghsaWEB
- github.com/github/advisory-database/issues/302ghsaWEB
News mentions
0No linked articles in our index yet.