GHSA-rqrc-8q8f-cp9c
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rqrc-8q8f-cp9c
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-rqrc-8q8f-cp9c/GHSA-rqrc-8q8f-cp9c.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rqrc-8q8f-cp9c
- Aliases
- Published
- 2022-04-08T18:11:51Z
- Modified
- 2024-02-20T05:31:04.092839Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Infinite loop in .Net Bond
- Details
-
A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. Handling of large container lengths that could cause an infinite loop when deserializing some payloads.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-1469
- https://github.com/microsoft/bond/commit/3afea822c42dd0095fedb9e7db9ebb99165e7343
- https://github.com/microsoft/bond/commit/b0fd4a15a7cae946dd2855122559ca59cc34dbea
- https://github.com/microsoft/bond
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1469
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1469
- https://www.nuget.org/packages/Bond.Core.CSharp/9.0.1
Affected packages
NuGet / Bond.Core.CSharp
Package
- Name
- Bond.Core.CSharp
- View open source insights on deps.dev
- Purl
- pkg:nuget/Bond.Core.CSharp