CVE-2020-0603

Published: Jan 14, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.

Affected (5)

Products: Microsoft: Asp.net Core · Redhat: Enterprise Linux, Enterprise Linux Eus

1 product

2 products

Enterprise Linux

Enterprise Linux Eus

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Asp.net Core	Version 2.1
Microsoft Asp.net Core	Version 3.0
Microsoft Asp.net Core	Version 3.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux Eus	Version 8.1

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

https://access.redhat.com/errata/RHSA-2020:0130

Source: secure@microsoft.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0134

Source: secure@microsoft.com

Third Party Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603

Source: secure@microsoft.com

PatchVendor Advisory

https://access.redhat.com/errata/RHSA-2020:0130

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0134

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.