VYPR
← All advisories
High severityNVD Advisory· Published May 16, 2019· Updated Aug 4, 2024

CVE-2019-0981

CVE-2019-0981

Description

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A denial of service vulnerability in .NET Framework/Core when handling crafted web requests allows remote unauthenticated attackers to crash applications.

Vulnerability

Details

CVE-2019-0981 is a denial of service vulnerability in .NET Framework and .NET Core that arises when the software improperly handles specially crafted web requests. The core flaw exists in the System.Private.Uri package, where malformed input can lead to excessive resource consumption or application termination [2][3].

Exploitation

An attacker can exploit this vulnerability remotely without authentication by sending specially crafted HTTP requests to a vulnerable .NET Core or ASP.NET Core application. No special privileges or user interaction are required, making the attack surface broad for any internet-facing service using the affected components [3].

Impact

Successful exploitation causes the targeted .NET application to become unresponsive or crash, resulting in a denial of service. This can disrupt availability of web services, APIs, or other .NET-based applications, potentially leading to downtime and resource exhaustion [2][3].

Mitigation

Microsoft released a security update that corrects the request handling in System.Private.Uri version 4.3.2. Developers should update their .NET Core runtime or SDK to a secure version (1.0.x, 1.1.x, 2.1.x, or 2.2.x with the patch) and ensure the System.Private.Uri package is upgraded to 4.3.2 or later [3]. No workarounds are available, and the vulnerability cannot be mitigated by configuration alone.

References
  1. NVD - CVE-2019-0981
  2. Microsoft Security Advisory CVE-2019-0981: .NET Core Denial of Service Vulnerability

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
System.Private.UriNuGet
>= 4.3.0, < 4.3.24.3.2

Affected products

50
  • Microsoft/.net Frameworkllm-fuzzy
  • .NET Core/.NET Corellm-fuzzy
  • ghsa-coords
    pkg:nuget/system.private.uri
    Range: >= 4.3.0, < 4.3.2
  • Microsoft/Microsoft .NET Frameworkcpe-rescue11 versions
    Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2+ 10 more
    • (no CPE)range: Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2
    • (no CPE)range: Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2
    • (no CPE)range: Windows Server 2012
    • (no CPE)range: Windows 7 for 32-bit Systems Service Pack 1
    • (no CPE)range: Windows 7 for 32-bit Systems Service Pack 1
    • (no CPE)range: Windows Server 2008 for 32-bit Systems Service Pack 2
    • (no CPE)range: Windows Server 2016
    • (no CPE)range: Windows 7 for 32-bit Systems Service Pack 1
    • (no CPE)range: Windows 10 Version 1709 for 32-bit Systems
    • (no CPE)range: Windows 10 Version 1803 for 32-bit Systems
    • (no CPE)range: Windows 10 Version 1703 for 32-bit Systems
  • Microsoft/Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 on Windows Server, version 1903 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.6.2 on Windows 10 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.6.2 on Windows 10 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1903 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1903 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows RT 8.1v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2012v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2012 R2v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2016v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2019v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2019 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server, version 1903 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Aspnetcorecpe-rescue
    Range: 1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.