CVE-2018-8416
Core: Arbitrary file and directory creation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1.
Existe una vulnerabilidad de manipulaciĆ³n cuando .NET Core analiza de manera incorrecta Los archivos especialmente manipulados. Esta vulnerabilidad tambiĆ©n se conoce como ".NET Core Tampering Vulnerability". Esto afecta a .NET Core 2.1.
.NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that addresses a security vulnerability is now available. The updated version is .NET Core 2.1.5. Issues addressed include arbitrary file read and directory creation vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-03-14 CVE Reserved
- 2018-11-14 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105798 | Third Party Advisory | |
| http://www.securitytracker.com/id/1042128 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416 | 2020-08-24 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:3676 | 2020-08-24 | |
| https://access.redhat.com/security/cve/CVE-2018-8416 | 2018-11-27 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1649693 | 2018-11-27 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Asp.net Core Search vendor "Microsoft" for product "Asp.net Core" | 2.1 Search vendor "Microsoft" for product "Asp.net Core" and version "2.1" | - |
Affected
| ||||||