{"containers": {"cna": {"title": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "datePublic": "2021-01-12T08:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": "ASP.NET Core 3.1", "cpes": ["cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "3.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "ASP.NET Core 5.0", "cpes": ["cpe:2.3:a:microsoft:asp.net_core:5.0:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "5.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "cpes": ["cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "16.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2019 version 16.8", "cpes": ["cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "16.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)", "cpes": ["cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "16.0.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-10-08T16:17:31.472Z"}, "references": [{"name": "ASP.NET Core and Visual Studio Denial of Service Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1723"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:18:11.552Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2021-1723", "datePublished": "2021-01-12T19:42:47", "dateReserved": "2020-12-02T00:00:00", "dateUpdated": "2024-10-08T16:17:31.472Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "C21F09B3-A69F-43B9-B35E-EBF93314F31E", "versionEndIncluding": "3.1.10", "versionStartIncluding": "3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C91649F-55B9-4675-BA0F-2B876A73D9A4", "versionEndIncluding": "5.0.1", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD824DE6-3564-4B7D-B45C-2EEE1F84C9D2", "versionEndIncluding": "16.8", "versionStartIncluding": "16.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ASP.NET Core and Visual Studio Denial of Service Vulnerability"}, {"lang": "es", "value": "Una Vulnerabilidad de Denegaci\u00f3n de Servicio de ASP.NET Core y Visual Studio"}], "id": "CVE-2021-1723", "lastModified": "2024-11-21T05:44:58.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secure@microsoft.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2021-01-12T20:15:34.993", "references": [{"source": "secure@microsoft.com", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1723"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:0114", "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7", "package": "rh-dotnet31-dotnet-0:3.1.111-1.el7_9", "product_name": ".NET Core on Red Hat Enterprise Linux", "release_date": "2021-01-13T00:00:00Z"}, {"advisory": "RHSA-2021:0096", "cpe": "cpe:/a:redhat:rhel_dotnet:5.0::el7", "package": "rh-dotnet50-dotnet-0:5.0.102-1.el7_9", "product_name": ".NET Core on Red Hat Enterprise Linux", "release_date": "2021-01-13T00:00:00Z"}, {"advisory": "RHSA-2021:0094", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet5.0-0:5.0.102-2.el8_3", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-01-13T00:00:00Z"}, {"advisory": "RHSA-2021:0095", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet3.1-0:3.1.111-1.el8_3", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-01-13T00:00:00Z"}], "bugzilla": {"description": "dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2", "id": "1914258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914258"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-833", "details": ["ASP.NET Core and Visual Studio Denial of Service Vulnerability", "A flaw was found in dotnet. Running callbacks outside of locks results in Krestel deadlock using HTTP2. The highest threat from this vulnerability is to system availability."], "name": "CVE-2021-1723", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:2.1", "fix_state": "Not affected", "package_name": "rh-dotnet21", "product_name": ".NET Core 2.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "dotnet", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dotnet3.1", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-01-12T17:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-1723\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-1723\nhttps://github.com/dotnet/announcements/issues/170\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1723"], "threat_severity": "Important"}