Lucene search
GitHub Advisory DatabaseGHSA-RQRC-8Q8F-CP9CHistoryApr 08, 2022 - 6:11 p.m.
Infinite loop in .Net Bond
2022-04-0818:11:51
CWE-434
CWE-835
GitHub Advisory Database
github.com
5
0.002 Low
EPSS
Percentile
54.6%
A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka ‘Bond Denial of Service Vulnerability’. Handling of large container lengths that could cause an infinite loop when deserializing some payloads.
| CPE | Name | Operator | Version |
|---|---|---|---|
| bond.core.csharp | ge | 3.0.0 | |
| bond.core.csharp | lt | 9.0.1 |
References
github.com/advisories/GHSA-rqrc-8q8f-cp9c
github.com/microsoft/bond/commit/3afea822c42dd0095fedb9e7db9ebb99165e7343
github.com/microsoft/bond/commit/b0fd4a15a7cae946dd2855122559ca59cc34dbea
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1469
nvd.nist.gov/vuln/detail/CVE-2020-1469
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1469
www.nuget.org/packages/Bond.Core.CSharp/9.0.1
Related
prion
prion
Denial of service
2020-07-14 23:15:00
gitlab
gitlab
Unrestricted Upload of File with Dangerous Type
2022-04-08 00:00:00
cve
cve
CVE-2020-1469
2020-07-14 23:15:00
osv
osv
Infinite loop in .Net Bond
2022-04-08 18:11:51
CVE-2020-1469
2020-07-14 23:15:20
mscve
mscve
Bond Denial of Service Vulnerability
2020-07-14 07:00:00
cvelist
cvelist
CVE-2020-1469
2020-07-14 22:54:53
kaspersky
kaspersky
KLA11861 Multiple vulnerabilities in Microsoft Products (OSS)
2020-07-14 00:00:00
avleonov
avleonov