Miggo Logo
Miggo Vulnerability Database
CVE-2018-0875

CVE-2018-0875: .NET Core Denial of Service Vulnerability

7.5

CVSS Score
3.0

Basic Information

CVE ID
CVE-2018-0875
GHSA ID
GHSA-xcvr-qv8h-m7xw
EPSS Score
0.94803%
CWE
-
Published
5/13/2022
Updated
1/30/2023
KEV Status
No
Technology
TechnologyC#

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
Microsoft.NETCore.Jitnuget>= 2.0.0, < 2.0.62.0.6
Microsoft.NETCore.Jitnuget>= 1.1.0, < 1.1.71.1.7
Microsoft.NETCore.Jitnuget< 1.0.121.0.12

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The provided vulnerability information describes a hash collision DoS vulnerability in .NET Core's JIT component (CVE-2018-0875), but does not include specific code references, commit diffs, or function-level details. While the root cause appears to relate to hash table handling in the JIT compiler (Microsoft.NETCore.Jit package), the available advisories and descriptions lack sufficient technical details about implementation specifics to identify exact vulnerable functions. The Microsoft security announcement and Red Hat errata reference general runtime updates rather than specific methods or classes. Without access to the actual patch diff or codebase analysis, we cannot confidently map this vulnerability to specific functions with high precision.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

.N*T *or* *.*, .N*T *or* *.*, N*T *or* *.* *n* Pow*rS**ll *or* *.*.* *llow * **ni*l o* S*rvi** vuln*r**ility *u* to *ow sp**i*lly *r**t** r*qu*sts *r* **n*l**, *k* ".N*T *or* **ni*l o* S*rvi** Vuln*r**ility".

Reasoning

T** provi*** vuln*r**ility in*orm*tion **s*ri**s * **s* *ollision *oS vuln*r**ility in .N*T *or*'s JIT *ompon*nt (*V*-****-****), *ut *o*s not in*lu** sp**i*i* *o** r***r*n**s, *ommit *i**s, or `*un*tion-l*v*l` **t*ils. W*il* t** root **us* *pp**rs t