Vulnerability Name: CVE-2018-0764 (CCN-136906) Assigned: 2017-12-01 Published: 2018-01-09 Updated: 2021-08-12 Summary: Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765 . CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H )6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L )3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P )Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Denial of Service References: Source: MITRE Type: CNACVE-2018-0764 Source: BID Type: Third Party Advisory, VDB Entry102387 Source: CCN Type: BID-102387Microsoft .NET Framework CVE-2018-0764 Remote Denial of Service Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry1040152 Source: REDHAT Type: Third Party AdvisoryRHSA-2018:0379 Source: XF Type: UNKNOWNms-dotnet-cve20180764-dos(136906) Source: CCN Type: Microsoft Security TechCenter - January 2018.NET and .NET Core Denial Of Service Vulnerability Source: CONFIRM Type: Patch, Vendor Advisoryhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764 Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:.net_core:2.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_core:1.0:-:*:*:*:*:*:* OR cpe:/a:microsoft:.net_core:1.1:-:*:*:*:*:*:* OR cpe:/a:microsoft:powershell_core:6.0:*:*:*:*:*:*:* Configuration 2 :cpe:/a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* Configuration 3 :cpe:/a:microsoft:.net_framework:3.5:-:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:1703:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1511:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1607:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* Configuration 4 :cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* Configuration 5 :cpe:/a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* Configuration 6 :cpe:/a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:* Configuration 7 :cpe:/a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:1511:*:*:*:*:*:*:* Configuration 8 :cpe:/a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:1607:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* Configuration 9 :cpe:/a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* Configuration 10 :cpe:/a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:1703:*:*:*:*:*:*:* Configuration 11 :cpe:/a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:1709:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.5:-:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_core:2.0:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_7:-:sp1:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_7:*:sp1:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* Denotes that component is vulnerable BACK
microsoft .net core 2.0
microsoft .net core 1.0
microsoft .net core 1.1
microsoft powershell core 6.0
microsoft .net framework 2.0 sp2
microsoft .net framework 3.0 sp2
microsoft windows server 2008 - sp2
microsoft .net framework 3.5
microsoft windows 10 1703
microsoft windows server 2012 r2
microsoft windows 8.1 -
microsoft windows 10 -
microsoft windows 10 1511
microsoft windows 10 1607
microsoft windows server 2012 -
microsoft windows server 2016 -
microsoft .net framework 3.5.1
microsoft windows server 2008 r2 sp1
microsoft windows 7 - sp1
microsoft windows server 2008 r2 sp1
microsoft .net framework 4.5.2
microsoft windows server 2008 - sp2
microsoft windows server 2012 -
microsoft windows 7 - sp1
microsoft windows 8.1 -
microsoft windows server 2012 r2
microsoft windows rt 8.1 -
microsoft windows server 2008 r2 sp1
microsoft .net framework 4.6
microsoft windows server 2008 - sp2
microsoft windows 10 -
microsoft .net framework 4.6.1
microsoft windows 10 1511
microsoft .net framework 4.7
microsoft .net framework 4.6.2
microsoft windows 10 1607
microsoft windows server 2016 -
microsoft .net framework 4.6.1
microsoft .net framework 4.7
microsoft .net framework 4.6
microsoft .net framework 4.6.2
microsoft windows server 2008 r2 sp1
microsoft windows server 2012 r2
microsoft windows 7 - sp1
microsoft windows 8.1 -
microsoft windows rt 8.1 -
microsoft windows server 2012 -
microsoft .net framework 4.7
microsoft windows 10 1703
microsoft .net framework 4.7.1
microsoft windows 10 1709
microsoft .net framework 2.0 sp2
microsoft .net framework 3.5
microsoft .net framework 3.5.1
microsoft .net framework 3.0 sp2
microsoft .net framework 4.5.2
microsoft .net framework 4.6
microsoft .net framework 4.6.1
microsoft .net framework 4.7
microsoft .net core 2.0
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows server 2008
microsoft windows 7 - sp1
microsoft windows 7 * sp1
microsoft windows server 2008 r2 sp1
microsoft windows server 2008 r2 sp1
microsoft windows server 2012
microsoft windows 8.1 - -
microsoft windows 8.1 -
microsoft windows server 2012 r2
microsoft windows rt 8.1 *
microsoft windows 10 -
microsoft windows 10 -
microsoft windows server 2016