GHSA-p9wx-v264-q34p

Source

https://github.com/advisories/GHSA-p9wx-v264-q34p

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p9wx-v264-q34p/GHSA-p9wx-v264-q34p.json

Aliases

CVE-2018-8356

Published

2022-05-14T03:00:10Z

Modified

2023-11-08T04:00:27.420543Z

Details

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

References

Affected packages

NuGet / System.Private.ServiceModel

Package

Name: System.Private.ServiceModel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.1.3

Affected versions

4.*

4.0.0

4.0.1-beta-23225

4.0.1-beta-23409

4.1.0-beta-23516

4.1.0-rc2-24027

4.1.0

4.1.1

4.1.2

NuGet / System.Private.ServiceModel

Package

Name: System.Private.ServiceModel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.3

Affected versions

4.*

4.3.0

4.3.1

4.3.2

NuGet / System.Private.ServiceModel

Package

Name: System.Private.ServiceModel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.4

Affected versions

4.*

4.4.0

4.4.1

4.4.2

4.4.3

NuGet / System.Private.ServiceModel

Package

Name: System.Private.ServiceModel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0

Fixed

4.5.3

Affected versions

4.*

4.5.0

4.5.1

4.5.2

NuGet / System.ServiceModel.Duplex

Package

Name: System.ServiceModel.Duplex

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.3

Affected versions

4.*

4.3.0

4.3.1

4.3.2

NuGet / System.ServiceModel.Duplex

Package

Name: System.ServiceModel.Duplex

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.4

Affected versions

4.*

4.4.0

4.4.1

4.4.2

4.4.3

NuGet / System.ServiceModel.Duplex

Package

Name: System.ServiceModel.Duplex

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0

Fixed

4.5.3

Affected versions

4.*

4.5.0

4.5.1

4.5.2

NuGet / System.ServiceModel.Duplex

Package

Name: System.ServiceModel.Duplex

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.4

Affected versions

4.*

4.0.0

4.0.1-beta-23225

4.0.1-beta-23409

4.0.1-beta-23516

4.0.1-rc2-24027

4.0.1

4.0.2

4.0.3

Database specific

{
    "last_known_affected_version_range": "<= 4.0.2"
}

NuGet / System.ServiceModel.Http

Package

Name: System.ServiceModel.Http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.3

Affected versions

4.*

4.3.0

4.3.1

4.3.2

NuGet / System.ServiceModel.Http

Package

Name: System.ServiceModel.Http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.4

Affected versions

4.*

4.4.0

4.4.1

4.4.2

4.4.3

NuGet / System.ServiceModel.Http

Package

Name: System.ServiceModel.Http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0

Fixed

4.5.3

Affected versions

4.*

4.5.0

4.5.1

4.5.2

NuGet / System.ServiceModel.Http

Package

Name: System.ServiceModel.Http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.1.3

Affected versions

4.*

4.0.0

4.0.10-beta-22605

4.0.10-beta-22816

4.0.10-beta-23019

4.0.10-beta-23109

4.0.10

4.0.11-beta-23225

4.0.11-beta-23409

4.0.11-beta-23516

4.1.0-rc2-24027

4.1.0

4.1.1

4.1.2

NuGet / System.ServiceModel.NetTcp

Package

Name: System.ServiceModel.NetTcp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.3

Affected versions

4.*

4.3.0

4.3.1

4.3.2

NuGet / System.ServiceModel.NetTcp

Package

Name: System.ServiceModel.NetTcp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.4

Affected versions

4.*

4.4.0

4.4.1

4.4.2

4.4.3

NuGet / System.ServiceModel.NetTcp

Package

Name: System.ServiceModel.NetTcp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0

Fixed

4.5.3

Affected versions

4.*

4.5.0

4.5.1

4.5.2

NuGet / System.ServiceModel.NetTcp

Package

Name: System.ServiceModel.NetTcp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.1.3

Affected versions

4.*

4.0.0

4.0.1-beta-23225

4.0.1-beta-23409

4.1.0-beta-23516

4.1.0-rc2-24027

4.1.0

4.1.1

4.1.2

NuGet / System.ServiceModel.Primitives

Package

Name: System.ServiceModel.Primitives

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.3

Affected versions

4.*

4.3.0

4.3.1

4.3.2

NuGet / System.ServiceModel.Primitives

Package

Name: System.ServiceModel.Primitives

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.4

Affected versions

4.*

4.4.0

4.4.1-servicing-25917-01

4.4.1

4.4.2

4.4.3

NuGet / System.ServiceModel.Primitives

Package

Name: System.ServiceModel.Primitives

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0

Fixed

4.5.3

Affected versions

4.*

4.5.0

4.5.1

4.5.2

NuGet / System.ServiceModel.Primitives

Package

Name: System.ServiceModel.Primitives

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.1.3

Affected versions

4.*

4.0.0

4.0.1-beta-23225

4.0.1-beta-23409

4.1.0-beta-23516

4.1.0-rc2-24027

4.1.0

4.1.1

4.1.2

NuGet / System.ServiceModel.Security

Package

Name: System.ServiceModel.Security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.3

Affected versions

4.*

4.3.0

4.3.1

4.3.2

NuGet / System.ServiceModel.Security

Package

Name: System.ServiceModel.Security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.4

Affected versions

4.*

4.4.0

4.4.1

4.4.2

4.4.3

NuGet / System.ServiceModel.Security

Package

Name: System.ServiceModel.Security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0

Fixed

4.5.3

Affected versions

4.*

4.5.0

4.5.1

4.5.2

NuGet / System.ServiceModel.Security

Package

Name: System.ServiceModel.Security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.4

Affected versions

4.*

4.0.0

4.0.1-beta-23225

4.0.1-beta-23409

4.0.1-beta-23516

4.0.1-rc2-24027

4.0.1

4.0.2

4.0.3

Database specific

{
    "last_known_affected_version_range": "<= 4.0.2"
}