CVE-2019-0820
HIGH.NET Framework and .NET Core - Denial of Service via RegEx String Processing
Title source: llmDescription
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1259
Scores
CVSS v3
7.5
EPSS
0.0476
EPSS Percentile
89.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (28)
microsoft/.net_core
1.0
microsoft/.net_core
1.1
microsoft/.net_core
2.1
microsoft/.net_core
2.2
microsoft/.net_framework
2.0 sp2
microsoft/.net_framework
3.0 sp2
microsoft/.net_framework
3.5
microsoft/.net_framework
3.5.1
microsoft/.net_framework
4.5.2
microsoft/.net_framework
4.6
... and 18 more
Published
May 16, 2019
Tracked Since
Feb 18, 2026