CVE-2021-26423

Description

.NET Core and Visual Studio Denial of Service Vulnerability

Risk Information

Base Score

7.5

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

Exploitation Probability

3.657

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2021-1721,CVE-2021-24112,CVE-2021-26423,CVE-2021-26701,CVE-2021-34485 are fixed in Update for AspNet Core (x64) (2.1.30)	Windows
Vulnerabilities CVE-2021-1721,CVE-2021-24112,CVE-2021-26423,CVE-2021-26701,CVE-2021-34485 are fixed in Update for AspNet Core (x86) (2.1.30)	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Update for AspNet Core (x64) (2.1.30)	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Update for AspNet Core (x86) (2.1.30)	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Update for AspNet Core (x64) (3.1.18)	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Update for AspNet Core (x86) (3.1.18)	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Update for AspNet Core (x64) (5.0.9)	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Update for AspNet Core (x86) (5.0.9)	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Microsoft Visual Studio Community 2017 15.9.38	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Microsoft Visual Studio Enterprise 2017 15.9.38	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Microsoft Visual Studio Professional 2017 15.9.38	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485,CVE-2021-34532 are fixed in Microsoft Visual Studio Community 2019 16.10.5	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485,CVE-2021-34532 are fixed in Microsoft Visual Studio Community 2019 16.9.10	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485,CVE-2021-34532 are fixed in Microsoft Visual Studio Community 2019 16.7.18	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485,CVE-2021-34532 are fixed in Microsoft Visual Studio Community 2019 16.4.25	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485,CVE-2021-34532 are fixed in Microsoft Visual Studio Enterprise 2019 16.10.5	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485,CVE-2021-34532 are fixed in Microsoft Visual Studio Enterprise 2019 16.9.10	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485,CVE-2021-34532 are fixed in Microsoft Visual Studio Enterprise 2019 16.7.18	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485,CVE-2021-34532 are fixed in Microsoft Visual Studio Enterprise 2019 16.4.25	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485,CVE-2021-34532 are fixed in Microsoft Visual Studio Professional 2019 16.10.5	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485,CVE-2021-34532 are fixed in Microsoft Visual Studio Professional 2019 16.9.10	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485,CVE-2021-34532 are fixed in Microsoft Visual Studio Professional 2019 16.7.18	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485,CVE-2021-34532 are fixed in Microsoft Visual Studio Professional 2019 16.4.25	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget-Microsoft.NETCore.App.Runtime.win-arm 3.1.18	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget-Microsoft.NETCore.App.Runtime.win-arm 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget-Microsoft.NETCore.App.Runtime.linux-arm 3.1.18	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget-Microsoft.NETCore.App.Runtime.linux-arm 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget-Microsoft.NetCore.App.Runtime.linux-musl-arm 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget-Microsoft.NETCore.App.Runtime.Mono.linux-arm 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.linux-arm64 3.1.18	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.linux-arm64 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.linux-musl-arm64 3.1.18	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.linux-musl-arm64 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.linux-musl-x64 3.1.18	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.linux-musl-x64 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.linux-x64 3.1.18	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.linux-x64 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.osx-x64 3.1.18	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.osx-x64 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.rhel.6-x64 3.1.18	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.win-arm64 3.1.18	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.win-arm64 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.win-x64 3.1.18	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.win-x64 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.win-x86 3.1.18	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.win-x86 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.linux-arm64 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.linux-x64 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64 5.0.9	Windows
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.osx-x64 5.0.9	Windows
Aspnetcore-runtime-3.1 update (ELSA-2021-3142) aspnetcore-runtime-3.1-3.1.18-1.0.1.el8_4.x86_64.rpm	Linux
Aspnetcore-targeting-pack-3.1 update (ELSA-2021-3142) aspnetcore-targeting-pack-3.1-3.1.18-1.0.1.el8_4.x86_64.rpm	Linux
Dotnet-apphost-pack-3.1 update (ELSA-2021-3142) dotnet-apphost-pack-3.1-3.1.18-1.0.1.el8_4.x86_64.rpm	Linux
Dotnet-hostfxr-3.1 update (ELSA-2021-3142) dotnet-hostfxr-3.1-3.1.18-1.0.1.el8_4.x86_64.rpm	Linux
Dotnet-runtime-3.1 update (ELSA-2021-3142) dotnet-runtime-3.1-3.1.18-1.0.1.el8_4.x86_64.rpm	Linux
Dotnet-sdk-3.1 update (ELSA-2021-3142) dotnet-sdk-3.1-3.1.118-1.0.1.el8_4.x86_64.rpm	Linux
Dotnet-targeting-pack-3.1 update (ELSA-2021-3142) dotnet-targeting-pack-3.1-3.1.18-1.0.1.el8_4.x86_64.rpm	Linux
Dotnet-templates-3.1 update (ELSA-2021-3142) dotnet-templates-3.1-3.1.118-1.0.1.el8_4.x86_64.rpm	Linux
(RHSA-2021:3148) .NET 5.0 security and bugfix update aspnetcore-runtime-5.0-5.0.9-1.el8_4.x86_64.rpm	Linux
(RHSA-2021:3148) .NET 5.0 security and bugfix update aspnetcore-targeting-pack-5.0-5.0.9-1.el8_4.x86_64.rpm	Linux
(RHSA-2021:3148) .NET 5.0 security and bugfix update dotnet-5.0.206-1.el8_4.x86_64.rpm	Linux
(RHSA-2021:3148) .NET 5.0 security and bugfix update dotnet-apphost-pack-5.0-5.0.9-1.el8_4.x86_64.rpm	Linux
(RHSA-2021:3148) .NET 5.0 security and bugfix update dotnet-host-5.0.9-1.el8_4.x86_64.rpm	Linux
(RHSA-2021:3148) .NET 5.0 security and bugfix update dotnet-hostfxr-5.0-5.0.9-1.el8_4.x86_64.rpm	Linux
(RHSA-2021:3148) .NET 5.0 security and bugfix update dotnet-runtime-5.0-5.0.9-1.el8_4.x86_64.rpm	Linux
(RHSA-2021:3148) .NET 5.0 security and bugfix update dotnet-sdk-5.0-5.0.206-1.el8_4.x86_64.rpm	Linux
(RHSA-2021:3148) .NET 5.0 security and bugfix update dotnet-targeting-pack-5.0-5.0.9-1.el8_4.x86_64.rpm	Linux
(RHSA-2021:3148) .NET 5.0 security and bugfix update dotnet-templates-5.0-5.0.206-1.el8_4.x86_64.rpm	Linux
(RHSA-2021:3148) .NET 5.0 security and bugfix update dotnet5.0-debugsource-5.0.206-1.el8_4.x86_64.rpm	Linux
(RHSA-2021:3148) .NET 5.0 security and bugfix update netstandard-targeting-pack-2.1-5.0.206-1.el8_4.x86_64.rpm	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget-Microsoft.NETCore.App.Runtime.win-arm for Linux 3.1.18	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget-Microsoft.NETCore.App.Runtime.win-arm for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget-Microsoft.NETCore.App.Runtime.linux-arm for Linux 3.1.18	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget-Microsoft.NETCore.App.Runtime.linux-arm for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget-Microsoft.NetCore.App.Runtime.linux-musl-arm for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget-Microsoft.NETCore.App.Runtime.Mono.linux-arm for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.linux-arm64 for Linux 3.1.18	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.linux-arm64 for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.linux-musl-arm64 for Linux 3.1.18	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.linux-musl-arm64 for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.linux-musl-x64 for Linux 3.1.18	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.linux-musl-x64 for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.linux-x64 for Linux 3.1.18	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.linux-x64 for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.osx-x64 for Linux 3.1.18	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.osx-x64 for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.rhel.6-x64 for Linux 3.1.18	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.win-arm64 for Linux 3.1.18	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.win-arm64 for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.win-x64 for Linux 3.1.18	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.win-x64 for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.win-x86 for Linux 3.1.18	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.win-x86 for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.linux-arm64 for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64 for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.linux-x64 for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64 for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64 for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64 for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64 for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64 for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64 for Linux 5.0.9	Linux
Vulnerabilities CVE-2021-26423,CVE-2021-34485 are fixed in Nuget - Microsoft.NETCore.App.Runtime.Mono.osx-x64 for Linux 5.0.9	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-108337	Update for AspNet Core (x64) (2.1.30)
PATCH-108340	Update for AspNet Core (x86) (2.1.30)
PATCH-108337	Update for AspNet Core (x64) (2.1.30)
PATCH-108340	Update for AspNet Core (x86) (2.1.30)
PATCH-108325	Update for AspNet Core (x64) (3.1.18)
PATCH-108328	Update for AspNet Core (x86) (3.1.18)
PATCH-108326	Update for AspNet Core (x64) (5.0.9)
PATCH-108329	Update for AspNet Core (x86) (5.0.9)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234