CVE-2021-26423

HIGH

.NET 5.0 < 5.0.8 and .NET Core 2.1 < 2.1.28 - Denial of Service

Title source: llm
STIX 2.1

Description

.NET Core and Visual Studio Denial of Service Vulnerability

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0386
EPSS Percentile 89.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

Status published
Products (40)
microsoft/.net 5.0 - 5.0.8
Microsoft/.NET 5.0 5.0.0 - 5.0.9
Microsoft/.NET Core 2.1 2.1 - 2.1.30
Microsoft/.NET Core 3.1 3.1 - 3.1.18
microsoft/.net_core 2.1 - 2.1.28
Microsoft/Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) 15.9.0 - 15.9.38
Microsoft/Microsoft Visual Studio 2019 version 16.10 (includes 16.0 - 16.9) 16.10.0 - 16.10.5
Microsoft/Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) 16.0 - 16.4.25
Microsoft/Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) 16.0.0 - 16.7.18
Microsoft/Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) 15.0.0 - 16.9.10
... and 30 more
Published Aug 12, 2021
Tracked Since Feb 18, 2026