GHSA-rqrc-8q8f-cp9c

Source

https://github.com/advisories/GHSA-rqrc-8q8f-cp9c

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-rqrc-8q8f-cp9c/GHSA-rqrc-8q8f-cp9c.json

Aliases

CVE-2020-1469

Published

2022-04-08T18:11:51Z

Modified

2024-02-20T05:31:04.092839Z

Details

A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. Handling of large container lengths that could cause an infinite loop when deserializing some payloads.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-1469
https://github.com/microsoft/bond/commit/3afea822c42dd0095fedb9e7db9ebb99165e7343
https://github.com/microsoft/bond/commit/b0fd4a15a7cae946dd2855122559ca59cc34dbea
https://github.com/microsoft/bond
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1469
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1469
https://www.nuget.org/packages/Bond.Core.CSharp/9.0.1

Affected packages

NuGet / Bond.Core.CSharp

Package

Name: Bond.Core.CSharp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

9.0.1

Affected versions

4.*

4.0.1

4.0.2

4.1.0

4.2.0

4.2.1

4.3.0

5.*

5.0.0

5.1.0

5.2.0

5.3.0

5.3.1

6.*

6.0.0

7.*

7.0.0

7.0.1

8.*

8.0.0

8.1.0

8.2.0

9.*

9.0.0