VYPR
← All advisories
High severityNVD Advisory· Published May 21, 2020· Updated Aug 4, 2024

CVE-2020-1108

CVE-2020-1108

Description

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A remote unauthenticated denial of service vulnerability in .NET Core and .NET Framework due to improper handling of web requests, allowing attackers to crash affected applications.

CVE-2020-1108 is a denial of service (DoS) vulnerability in .NET Core and .NET Framework resulting from improper handling of web requests [1][2]. The root cause lies in the way the web request processing logic fails to properly validate or handle specially crafted inputs, leading to resource exhaustion or crashes [2].

An attacker can exploit this vulnerability remotely without authentication by sending specially crafted HTTP requests to a vulnerable .NET Core application [2]. No special privileges or network position are required, making the attack surface broad for any publicly accessible .NET Core web application. Affected versions include .NET Core 2.1 (up to 2.1.18), .NET Core 3.1 (up to 3.1.4), and .NET 5 Preview 3 or lower [2].

Successful exploitation causes the target application to become unresponsive or crash, resulting in a denial of service [1][2]. This can disrupt legitimate user access and degrade service availability.

Microsoft has released updates to address the vulnerability in the latest versions of .NET Core and .NET Framework [2]. Users are advised to upgrade to .NET Core 2.1.19 or later, .NET Core 3.1.5 or later, or .NET 5 Preview 4 or later. Note that .NET Core 3.0 is out of support and should be migrated to a supported version [2].

References
  1. NVD - CVE-2020-1108
  2. Microsoft Security Advisory CVE-2020-1108 | .NET Core Denial of Service Vulnerability [Update]

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Microsoft.NETCore.AppNuGet
>= 2.1.0, < 2.1.182.1.18
Microsoft.NETCore.App.Runtime.linux-armNuGet
>= 3.1.0, < 3.1.43.1.4
Microsoft.NETCore.App.Runtime.linux-arm64NuGet
>= 3.1.0, < 3.1.43.1.4
Microsoft.NETCore.App.Runtime.linux-musl-arm64NuGet
>= 3.1.0, < 3.1.43.1.4
Microsoft.NETCore.App.Runtime.linux-musl-x64NuGet
>= 3.1.0, < 3.1.43.1.4
Microsoft.NETCore.App.Runtime.linux-x64NuGet
>= 3.1.0, < 3.1.43.1.4
Microsoft.NETCore.App.Runtime.osx-x64NuGet
>= 3.1.0, < 3.1.43.1.4
Microsoft.NETCore.App.Runtime.rhel.6-x64NuGet
>= 3.1.0, < 3.1.43.1.4
Microsoft.NETCore.App.Runtime.win-armNuGet
>= 3.1.0, < 3.1.43.1.4
Microsoft.NETCore.App.Runtime.win-arm64NuGet
>= 3.1.0, < 3.1.43.1.4
Microsoft.NETCore.App.Runtime.win-x64NuGet
>= 3.1.0, < 3.1.43.1.4
Microsoft.NETCore.App.Runtime.win-x86NuGet
>= 3.1.0, < 3.1.43.1.4

Affected products

80
  • osv-coords15 versions
    pkg:bitnami/dotnetpkg:bitnami/dotnet-sdkpkg:bitnami/powershellpkg:nuget/microsoft.netcore.apppkg:nuget/microsoft.netcore.app.runtime.linux-armpkg:nuget/microsoft.netcore.app.runtime.linux-arm64pkg:nuget/microsoft.netcore.app.runtime.linux-musl-arm64pkg:nuget/microsoft.netcore.app.runtime.linux-musl-x64pkg:nuget/microsoft.netcore.app.runtime.linux-x64pkg:nuget/microsoft.netcore.app.runtime.osx-x64pkg:nuget/microsoft.netcore.app.runtime.rhel.6-x64pkg:nuget/microsoft.netcore.app.runtime.win-armpkg:nuget/microsoft.netcore.app.runtime.win-arm64pkg:nuget/microsoft.netcore.app.runtime.win-x64pkg:nuget/microsoft.netcore.app.runtime.win-x86
    >= 5.0-preview1.0, <= 5.0-preview1.0+ 14 more
    • (no CPE)range: >= 5.0-preview1.0, <= 5.0-preview1.0
    • (no CPE)range: >= 5.0-preview1.0, <= 5.0-preview1.0
    • (no CPE)range: >= 7.0.0, <= 7.0.0
    • (no CPE)range: >= 2.1.0, < 2.1.18
    • (no CPE)range: >= 3.1.0, < 3.1.4
    • (no CPE)range: >= 3.1.0, < 3.1.4
    • (no CPE)range: >= 3.1.0, < 3.1.4
    • (no CPE)range: >= 3.1.0, < 3.1.4
    • (no CPE)range: >= 3.1.0, < 3.1.4
    • (no CPE)range: >= 3.1.0, < 3.1.4
    • (no CPE)range: >= 3.1.0, < 3.1.4
    • (no CPE)range: >= 3.1.0, < 3.1.4
    • (no CPE)range: >= 3.1.0, < 3.1.4
    • (no CPE)range: >= 3.1.0, < 3.1.4
    • (no CPE)range: >= 3.1.0, < 3.1.4
  • Microsoft/Microsoft .NET Framework 2.0v5
    Range: Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2
  • Microsoft/Microsoft .NET Framework 3.0v5
    Range: Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2
  • Microsoft/Microsoft .NET Framework 3.5v5
    Range: Windows 8.1 for 32-bit systems
  • Microsoft/Microsoft .NET Framework 3.5.1v5
    Range: Windows 7 for 32-bit Systems Service Pack 1
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)v5
    Range: 1903
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.5.2v5
    Range: Windows 7 for 32-bit Systems Service Pack 1
  • Microsoft/Microsoft .NET Framework 4.6v5
    Range: Windows Server 2008 for 32-bit Systems Service Pack 2
  • Microsoft/Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2v5
    Range: Windows 7 for 32-bit Systems Service Pack 1
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows RT 8.1v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2012v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2012 R2v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2016v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)v5
    Range: unspecified
  • Microsoft/Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)v5
    Range: unspecified
  • Microsoft/Microsoft Visual Studio 2019v5
    Range: 16.0
  • Microsoft/Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)v5
    Range: unspecified
  • Microsoft/Microsoft Visual Studio 2019 version 16.5v5
    Range: unspecified
  • Microsoft/.NET Corev5
    Range: 3.1
  • Microsoft/.NET Core 5.0v5
    Range: unspecified
  • Microsoft/PowerShell 7.0v5
    Range: unspecified
  • Microsoft/PowerShell Corev5
    Range: 6.2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.