High severityNVD Advisory· Published Aug 12, 2021· Updated Aug 3, 2024

.NET Core and Visual Studio Denial of Service Vulnerability

CVE-2021-26423

Description

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
Microsoft.NETCore.App.Runtime.win-x86NuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.win-x86NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.win-x64NuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.win-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.win-arm64NuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.win-arm64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.win-armNuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.win-armNuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.osx-x64NuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.osx-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.osx-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.linux-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.linux-arm64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.linux-armNuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.linux-x64NuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.linux-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.linux-musl-x64NuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.linux-musl-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.linux-musl-arm64NuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.linux-musl-arm64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.linux-musl-armNuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.rhel.6-x64NuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.linux-arm64NuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.linux-arm64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.linux-armNuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.linux-armNuGet	>= 5.0.0, < 5.0.9	5.0.9

Affected products

Microsoft/Netv5
cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
Range: 5.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-rh58-r7jh-xhx3ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-26423ghsaADVISORY
github.com/dotnet/announcements/issues/194ghsaWEB
github.com/dotnet/runtime/security/advisories/GHSA-rh58-r7jh-xhx3ghsaWEB
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26423ghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000