CVE-2020-0603
dotnet: Memory Corruption in SignalR
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.
Se presenta una vulnerabilidad de ejecución de código remota en el software ASP.NET Core cuando el software presenta un fallo al manejar los objetos en memoria. Un atacante que explotó con éxito la vulnerabilidad podría ejecutar código arbitrario en el contexto del usuario actual, también se conoce como "ASP.NET Core Remote Code Execution Vulnerability".
A memory corruption flaw was found in ASP.NET core. A client can write to freed memory on the server which could result in undefined behavior. An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code by sending specially crafted requests to an ASP.NET Core application.
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.0.102, .NET Core Runtime 3.0.2, .NET Core SDK 3.1.101 and .NET Core Runtime 3.1.1. Security Fixes: dotnet: Memory Corruption in SignalR. Issues addressed include a denial of service vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-11-04 CVE Reserved
- 2020-01-14 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-787: Out-of-bounds Write
CAPEC
References (5)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603 | 2021-07-21 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2020:0130 | 2021-07-21 | |
| https://access.redhat.com/errata/RHSA-2020:0134 | 2021-07-21 | |
| https://access.redhat.com/security/cve/CVE-2020-0603 | 2020-01-16 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1789624 | 2020-01-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Asp.net Core Search vendor "Microsoft" for product "Asp.net Core" | 2.1 Search vendor "Microsoft" for product "Asp.net Core" and version "2.1" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Asp.net Core Search vendor "Microsoft" for product "Asp.net Core" | 3.0 Search vendor "Microsoft" for product "Asp.net Core" and version "3.0" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Asp.net Core Search vendor "Microsoft" for product "Asp.net Core" | 3.1 Search vendor "Microsoft" for product "Asp.net Core" and version "3.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.1 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.1" | - |
Affected
| ||||||