Vulnerability-Lookup

CVE-2020-0603 (GCVE-0-2020-0603)

Vulnerability from cvelistv5 – Published: 2020-01-14 23:11 – Updated: 2024-08-04 06:11

Summary

A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.

Severity ?

No CVSS data available.

CWE

Remote Code Execution

Assigner

microsoft

References

URL

	Vendor	Product	Version
	Microsoft	ASP.NET Core	Affected: 2.1 Affected: 3.0 Affected: 3.1

GHSA-655Q-9GVG-Q4CM

Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2022-07-07 23:10

Summary

Remote code execution in ASP.NET Core

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.All"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.1.0"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.0.0"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.Http.Connections"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "1.0.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-arm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.osx-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-arm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-0603"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-07T23:10:27Z",
    "nvd_published_at": "2020-01-14T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027.",
  "id": "GHSA-655q-9gvg-q4cm",
  "modified": "2022-07-07T23:10:27Z",
  "published": "2022-05-24T17:06:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0603"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aspnet/Announcements/issues/403"
    },
    {
      "type": "WEB",
      "url": "https://github.com/github/advisory-database/issues/302"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0130"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0134"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Remote code execution in ASP.NET Core"
}

CNVD-2020-16653

Vulnerability from cnvd - Published: 2020-03-10

Title

Microsoft ASP.NET Core远程代码执行漏洞

Description

Microsoft ASP.NET Core是美国微软（Microsoft）公司的一框跨平台开源框架。该框架用于构建Web应用、物联网应用和移动后端等基于云的应用程序。 Microsoft ASP.NET Core 2.1版本、3.0版本和3.1版本中存在远程代码执行漏洞，该漏洞源于程序无法处理内存对象。攻击者可借助特制的文件利用该漏洞在当前用户的上下文中执行任意代码。

Severity

高

Patch Name

Microsoft ASP.NET Core远程代码执行漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603

Reference

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603

Impacted products

Name
['Microsoft ASP.NET Core 2.1', 'Microsoft ASP.NET Core 3.0', 'Microsoft ASP.NET Core 3.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-0603"
    }
  },
  "description": "Microsoft ASP.NET Core\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6846\u8de8\u5e73\u53f0\u5f00\u6e90\u6846\u67b6\u3002\u8be5\u6846\u67b6\u7528\u4e8e\u6784\u5efaWeb\u5e94\u7528\u3001\u7269\u8054\u7f51\u5e94\u7528\u548c\u79fb\u52a8\u540e\u7aef\u7b49\u57fa\u4e8e\u4e91\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\n\nMicrosoft ASP.NET Core 2.1\u7248\u672c\u30013.0\u7248\u672c\u548c3.1\u7248\u672c\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u65e0\u6cd5\u5904\u7406\u5185\u5b58\u5bf9\u8c61\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-16653",
  "openTime": "2020-03-10",
  "patchDescription": "Microsoft ASP.NET Core\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6846\u8de8\u5e73\u53f0\u5f00\u6e90\u6846\u67b6\u3002\u8be5\u6846\u67b6\u7528\u4e8e\u6784\u5efaWeb\u5e94\u7528\u3001\u7269\u8054\u7f51\u5e94\u7528\u548c\u79fb\u52a8\u540e\u7aef\u7b49\u57fa\u4e8e\u4e91\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nMicrosoft ASP.NET Core 2.1\u7248\u672c\u30013.0\u7248\u672c\u548c3.1\u7248\u672c\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u65e0\u6cd5\u5904\u7406\u5185\u5b58\u5bf9\u8c61\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft ASP.NET Core\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft ASP.NET Core 2.1",
      "Microsoft ASP.NET Core 3.0",
      "Microsoft ASP.NET Core 3.1"
    ]
  },
  "referenceLink": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
  "serverity": "\u9ad8",
  "submitTime": "2020-01-22",
  "title": "Microsoft ASP.NET Core\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CERTFR-2020-AVI-027

Vulnerability from certfr_avis - Published: 2020-01-14 - Updated: 2020-01-14

De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer une exécution de code à distance et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	.Net	ASP.NET Core 3.0
Microsoft	N/A	Microsoft .NET Framework 4.8
Microsoft	N/A	Microsoft .NET Framework 3.0 Service Pack 2
Microsoft	N/A	Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2
Microsoft	N/A	Microsoft .NET Framework 3.5
Microsoft	N/A	Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft	N/A	Microsoft .NET Framework 3.5 AND 4.8
Microsoft	N/A	.NET Core 3.0
Microsoft	N/A	Microsoft .NET Framework 3.5 AND 4.7.2
Microsoft	N/A	.NET Core 3.1
Microsoft	.Net	ASP.NET Core 3.1
Microsoft	N/A	Microsoft .NET Framework 3.5.1
Microsoft	N/A	Microsoft .NET Framework 4.5.2
Microsoft	N/A	Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft	.Net	ASP.NET Core 2.1
Microsoft	N/A	Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft	N/A	Microsoft .NET Framework 4.6

References

Title

Publication Time

FKIE_CVE-2020-0603

Vulnerability from fkie_nvd - Published: 2020-01-14 23:15 - Updated: 2024-11-21 04:53

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	https://access.redhat.com/errata/RHSA-2020:0130	Third Party Advisory
secure@microsoft.com	https://access.redhat.com/errata/RHSA-2020:0134	Third Party Advisory
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0130	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0134	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	asp.net_core	2.1
microsoft	asp.net_core	3.0
microsoft	asp.net_core	3.1
redhat	enterprise_linux	8.0
redhat	enterprise_linux_eus	8.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C3047E-C222-4636-B1B3-722F2C65BC99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_core:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4319AB8-5013-46B4-8E3C-6FDCFC65FC7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE4072E-3226-435C-BC61-A775D3EF2822",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en el software ASP.NET Core cuando el software presenta un fallo al manejar los objetos en memoria. Un atacante que explot\u00f3 con \u00e9xito la vulnerabilidad podr\u00eda ejecutar c\u00f3digo arbitrario en el contexto del usuario actual, tambi\u00e9n se conoce como \"ASP.NET Core Remote Code Execution Vulnerability\"."
    }
  ],
  "id": "CVE-2020-0603",
  "lastModified": "2024-11-21T04:53:50.333",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-14T23:15:30.347",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0130"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0134"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2020-0603

Vulnerability from fstec - Published: 14.01.2020

Title

Уязвимость программной платформы ASP.NET Core, существующая из-за ошибок обработки объектов в памяти, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость программной платформы ASP.NET Core существует из-за ошибок обработки объектов в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Microsoft Corp

Software Name

ASP.NET Core

Software Version

2.1 (ASP.NET Core), 3.0 (ASP.NET Core), 3.1 (ASP.NET Core)

Possible Mitigations

Использование рекомендаций: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603

Reference

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603 https://www.cybersecurity-help.cz/vdb/SB2020011436

CWE

CWE-787

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "2.1 (ASP.NET Core), 3.0 (ASP.NET Core), 3.1 (ASP.NET Core)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.01.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.01.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-00188",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-0603",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "ASP.NET Core",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b ASP.NET Core, \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0430\u044f \u0438\u0437-\u0437\u0430 \u043e\u0448\u0438\u0431\u043e\u043a \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b ASP.NET Core \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043e\u0448\u0438\u0431\u043e\u043a \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603\nhttps://www.cybersecurity-help.cz/vdb/SB2020011436",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

GSD-2020-0603

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-0603

Aliases

CVE-2020-0603

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-0603",
    "description": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027.",
    "id": "GSD-2020-0603",
    "references": [
      "https://access.redhat.com/errata/RHSA-2020:0134",
      "https://access.redhat.com/errata/RHSA-2020:0130",
      "https://linux.oracle.com/cve/CVE-2020-0603.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-0603"
      ],
      "details": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027.",
      "id": "GSD-2020-0603",
      "modified": "2023-12-13T01:21:44.487956Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2020-0603",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ASP.NET Core",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2.1"
                        },
                        {
                          "version_value": "3.0"
                        },
                        {
                          "version_value": "3.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
            "refsource": "MISC",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"
          },
          {
            "name": "RHSA-2020:0130",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2020:0130"
          },
          {
            "name": "RHSA-2020:0134",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2020:0134"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[2.1],[3.0,3.1]",
          "affected_versions": "Version 2.1, all versions starting from 3.0 up to 3.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-787",
            "CWE-937"
          ],
          "date": "2021-07-21",
          "description": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027.",
          "fixed_versions": [
            "3.1.1"
          ],
          "identifier": "CVE-2020-0603",
          "identifiers": [
            "CVE-2020-0603"
          ],
          "not_impacted": "All versions before 2.1, all versions after 2.1 before 3.0, all versions after 3.1",
          "package_slug": "nuget/Microsoft.AspNetCore.All",
          "pubdate": "2020-01-14",
          "solution": "Upgrade to version 3.1.1 or above.",
          "title": "Out-of-bounds Write",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-0603",
            "https://github.com/aspnet/Announcements/issues/403",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
            "https://access.redhat.com/errata/RHSA-2020:0130",
            "https://access.redhat.com/errata/RHSA-2020:0134"
          ],
          "uuid": "38e9920c-42a0-4b99-b612-197ab3589506"
        },
        {
          "affected_range": "[3.1.0,3.1.1)",
          "affected_versions": "All versions starting from 3.1.0 before 3.1.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-787",
            "CWE-937"
          ],
          "date": "2022-10-31",
          "description": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027.",
          "fixed_versions": [
            "3.1.1"
          ],
          "identifier": "CVE-2020-0603",
          "identifiers": [
            "GHSA-655q-9gvg-q4cm",
            "CVE-2020-0603"
          ],
          "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.1",
          "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-arm",
          "pubdate": "2022-05-24",
          "solution": "Upgrade to version 3.1.1 or above.",
          "title": "Out-of-bounds Write",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-0603",
            "https://access.redhat.com/errata/RHSA-2020:0130",
            "https://access.redhat.com/errata/RHSA-2020:0134",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
            "https://github.com/aspnet/Announcements/issues/403",
            "https://github.com/github/advisory-database/issues/302",
            "https://github.com/advisories/GHSA-655q-9gvg-q4cm"
          ],
          "uuid": "945ff538-5993-4a15-a990-26c59739cca5"
        },
        {
          "affected_range": "[3.1.0,3.1.1)",
          "affected_versions": "All versions starting from 3.1.0 before 3.1.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-787",
            "CWE-937"
          ],
          "date": "2022-10-31",
          "description": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027.",
          "fixed_versions": [
            "3.1.1"
          ],
          "identifier": "CVE-2020-0603",
          "identifiers": [
            "GHSA-655q-9gvg-q4cm",
            "CVE-2020-0603"
          ],
          "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.1",
          "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-arm64",
          "pubdate": "2022-05-24",
          "solution": "Upgrade to version 3.1.1 or above.",
          "title": "Out-of-bounds Write",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-0603",
            "https://access.redhat.com/errata/RHSA-2020:0130",
            "https://access.redhat.com/errata/RHSA-2020:0134",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
            "https://github.com/aspnet/Announcements/issues/403",
            "https://github.com/github/advisory-database/issues/302",
            "https://github.com/advisories/GHSA-655q-9gvg-q4cm"
          ],
          "uuid": "d12a6ea8-000c-4256-83d1-80b9700e0102"
        },
        {
          "affected_range": "[3.1.0,3.1.1)",
          "affected_versions": "All versions starting from 3.1.0 before 3.1.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-787",
            "CWE-937"
          ],
          "date": "2022-10-31",
          "description": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027.",
          "fixed_versions": [
            "3.1.1"
          ],
          "identifier": "CVE-2020-0603",
          "identifiers": [
            "GHSA-655q-9gvg-q4cm",
            "CVE-2020-0603"
          ],
          "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.1",
          "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",
          "pubdate": "2022-05-24",
          "solution": "Upgrade to version 3.1.1 or above.",
          "title": "Out-of-bounds Write",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-0603",
            "https://access.redhat.com/errata/RHSA-2020:0130",
            "https://access.redhat.com/errata/RHSA-2020:0134",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
            "https://github.com/aspnet/Announcements/issues/403",
            "https://github.com/github/advisory-database/issues/302",
            "https://github.com/advisories/GHSA-655q-9gvg-q4cm"
          ],
          "uuid": "15491288-4aa0-43cd-8ef2-69393b7f4173"
        },
        {
          "affected_range": "[3.1.0,3.1.1)",
          "affected_versions": "All versions starting from 3.1.0 before 3.1.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-787",
            "CWE-937"
          ],
          "date": "2022-10-31",
          "description": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027.",
          "fixed_versions": [
            "3.1.1"
          ],
          "identifier": "CVE-2020-0603",
          "identifiers": [
            "GHSA-655q-9gvg-q4cm",
            "CVE-2020-0603"
          ],
          "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.1",
          "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-x64",
          "pubdate": "2022-05-24",
          "solution": "Upgrade to version 3.1.1 or above.",
          "title": "Out-of-bounds Write",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-0603",
            "https://access.redhat.com/errata/RHSA-2020:0130",
            "https://access.redhat.com/errata/RHSA-2020:0134",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
            "https://github.com/aspnet/Announcements/issues/403",
            "https://github.com/github/advisory-database/issues/302",
            "https://github.com/advisories/GHSA-655q-9gvg-q4cm"
          ],
          "uuid": "e2fb21fa-d356-4ad0-97d1-26a3693f1f86"
        },
        {
          "affected_range": "[3.1.0,3.1.1)",
          "affected_versions": "All versions starting from 3.1.0 before 3.1.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-787",
            "CWE-937"
          ],
          "date": "2022-10-31",
          "description": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027.",
          "fixed_versions": [
            "3.1.1"
          ],
          "identifier": "CVE-2020-0603",
          "identifiers": [
            "GHSA-655q-9gvg-q4cm",
            "CVE-2020-0603"
          ],
          "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.1",
          "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.linux-x64",
          "pubdate": "2022-05-24",
          "solution": "Upgrade to version 3.1.1 or above.",
          "title": "Out-of-bounds Write",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-0603",
            "https://access.redhat.com/errata/RHSA-2020:0130",
            "https://access.redhat.com/errata/RHSA-2020:0134",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
            "https://github.com/aspnet/Announcements/issues/403",
            "https://github.com/github/advisory-database/issues/302",
            "https://github.com/advisories/GHSA-655q-9gvg-q4cm"
          ],
          "uuid": "8a4d610b-8bf1-4224-a79b-307555729d96"
        },
        {
          "affected_range": "[3.1.0,3.1.1)",
          "affected_versions": "All versions starting from 3.1.0 before 3.1.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-787",
            "CWE-937"
          ],
          "date": "2022-10-31",
          "description": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027.",
          "fixed_versions": [
            "3.1.1"
          ],
          "identifier": "CVE-2020-0603",
          "identifiers": [
            "GHSA-655q-9gvg-q4cm",
            "CVE-2020-0603"
          ],
          "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.1",
          "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.osx-x64",
          "pubdate": "2022-05-24",
          "solution": "Upgrade to version 3.1.1 or above.",
          "title": "Out-of-bounds Write",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-0603",
            "https://access.redhat.com/errata/RHSA-2020:0130",
            "https://access.redhat.com/errata/RHSA-2020:0134",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
            "https://github.com/aspnet/Announcements/issues/403",
            "https://github.com/github/advisory-database/issues/302",
            "https://github.com/advisories/GHSA-655q-9gvg-q4cm"
          ],
          "uuid": "432b179c-8474-4eb8-a3f2-e1b0a9c4a2a1"
        },
        {
          "affected_range": "[3.1.0,3.1.1)",
          "affected_versions": "All versions starting from 3.1.0 before 3.1.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-787",
            "CWE-937"
          ],
          "date": "2022-10-31",
          "description": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027.",
          "fixed_versions": [
            "3.1.1"
          ],
          "identifier": "CVE-2020-0603",
          "identifiers": [
            "GHSA-655q-9gvg-q4cm",
            "CVE-2020-0603"
          ],
          "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.1",
          "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.win-arm",
          "pubdate": "2022-05-24",
          "solution": "Upgrade to version 3.1.1 or above.",
          "title": "Out-of-bounds Write",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-0603",
            "https://access.redhat.com/errata/RHSA-2020:0130",
            "https://access.redhat.com/errata/RHSA-2020:0134",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
            "https://github.com/aspnet/Announcements/issues/403",
            "https://github.com/github/advisory-database/issues/302",
            "https://github.com/advisories/GHSA-655q-9gvg-q4cm"
          ],
          "uuid": "e0594a35-7e78-41b3-b654-2a02f39c3dc2"
        },
        {
          "affected_range": "[3.1.0,3.1.1)",
          "affected_versions": "All versions starting from 3.1.0 before 3.1.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-787",
            "CWE-937"
          ],
          "date": "2022-10-31",
          "description": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027.",
          "fixed_versions": [
            "3.1.1"
          ],
          "identifier": "CVE-2020-0603",
          "identifiers": [
            "GHSA-655q-9gvg-q4cm",
            "CVE-2020-0603"
          ],
          "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.1",
          "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.win-x64",
          "pubdate": "2022-05-24",
          "solution": "Upgrade to version 3.1.1 or above.",
          "title": "Out-of-bounds Write",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-0603",
            "https://access.redhat.com/errata/RHSA-2020:0130",
            "https://access.redhat.com/errata/RHSA-2020:0134",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
            "https://github.com/aspnet/Announcements/issues/403",
            "https://github.com/github/advisory-database/issues/302",
            "https://github.com/advisories/GHSA-655q-9gvg-q4cm"
          ],
          "uuid": "ef4af269-2dd8-45c5-a0ab-8decd3411916"
        },
        {
          "affected_range": "[3.1.0,3.1.1)",
          "affected_versions": "All versions starting from 3.1.0 before 3.1.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-787",
            "CWE-937"
          ],
          "date": "2022-10-31",
          "description": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027.",
          "fixed_versions": [
            "3.1.1"
          ],
          "identifier": "CVE-2020-0603",
          "identifiers": [
            "GHSA-655q-9gvg-q4cm",
            "CVE-2020-0603"
          ],
          "not_impacted": "All versions before 3.1.0, all versions starting from 3.1.1",
          "package_slug": "nuget/Microsoft.AspNetCore.App.Runtime.win-x86",
          "pubdate": "2022-05-24",
          "solution": "Upgrade to version 3.1.1 or above.",
          "title": "Out-of-bounds Write",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-0603",
            "https://access.redhat.com/errata/RHSA-2020:0130",
            "https://access.redhat.com/errata/RHSA-2020:0134",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
            "https://github.com/aspnet/Announcements/issues/403",
            "https://github.com/github/advisory-database/issues/302",
            "https://github.com/advisories/GHSA-655q-9gvg-q4cm"
          ],
          "uuid": "eacb51c8-2768-4d18-ba84-ef497091d868"
        },
        {
          "affected_range": "[2.1.0,2.1.15),[3.0.0,3.1.0]",
          "affected_versions": "All versions starting from 2.1.0 before 2.1.15, all versions starting from 3.0.0 up to 3.1.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-787",
            "CWE-937"
          ],
          "date": "2022-07-07",
          "description": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027.",
          "fixed_versions": [
            "3.1.1",
            "2.1.15"
          ],
          "identifier": "CVE-2020-0603",
          "identifiers": [
            "GHSA-655q-9gvg-q4cm",
            "CVE-2020-0603"
          ],
          "not_impacted": "All versions before 2.1.0, all versions starting from 2.1.15 before 3.0.0, all versions after 3.1.0",
          "package_slug": "nuget/Microsoft.AspNetCore.App",
          "pubdate": "2022-05-24",
          "solution": "Upgrade to versions 3.1.1, 2.1.15 or above.",
          "title": "Out-of-bounds Write",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-0603",
            "https://access.redhat.com/errata/RHSA-2020:0130",
            "https://access.redhat.com/errata/RHSA-2020:0134",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
            "https://github.com/aspnet/Announcements/issues/403",
            "https://github.com/github/advisory-database/issues/302",
            "https://github.com/advisories/GHSA-655q-9gvg-q4cm"
          ],
          "uuid": "ba7fe885-3fbd-40f0-b0f5-12f89a01c0c4"
        },
        {
          "affected_range": "[1.0.0,1.0.15)",
          "affected_versions": "All versions starting from 1.0.0 before 1.0.15",
          "cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-787",
            "CWE-937"
          ],
          "date": "2022-07-07",
          "description": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027.",
          "fixed_versions": [
            "1.0.15"
          ],
          "identifier": "CVE-2020-0603",
          "identifiers": [
            "GHSA-655q-9gvg-q4cm",
            "CVE-2020-0603"
          ],
          "not_impacted": "All versions before 1.0.0, all versions starting from 1.0.15",
          "package_slug": "nuget/Microsoft.AspNetCore.Http.Connections",
          "pubdate": "2022-05-24",
          "solution": "Upgrade to version 1.0.15 or above.",
          "title": "Out-of-bounds Write",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-0603",
            "https://access.redhat.com/errata/RHSA-2020:0130",
            "https://access.redhat.com/errata/RHSA-2020:0134",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
            "https://github.com/aspnet/Announcements/issues/403",
            "https://github.com/github/advisory-database/issues/302",
            "https://github.com/advisories/GHSA-655q-9gvg-q4cm"
          ],
          "uuid": "b4c60152-7837-4681-922a-1cf390e2af72"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-0603"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"
            },
            {
              "name": "RHSA-2020:0130",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0130"
            },
            {
              "name": "RHSA-2020:0134",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0134"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-01-14T23:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-0603 (GCVE-0-2020-0603)

GHSA-655Q-9GVG-Q4CM

CNVD-2020-16653

CERTFR-2020-AVI-027

Solution

FKIE_CVE-2020-0603

CVE-2020-0603

GSD-2020-0603

Tags

Sightings

Nomenclature