CVE-2019-0981: Denial of service in ASP.NET Core
CVSS Score: 7.5 (CVSS 3.0)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.86433%
CWE: -
Published: 5/24/2022
Updated: 1/27/2023
KEV Status: No
Technology: C#
Technical Details
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
System.Private.Uri | nuget | >= 4.3.0, < 4.3.2 | 4.3.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from improper URI handling in System.Private.Uri. No patch diffs are provided, but the Microsoft advisory explicitly calls out this package and version range. URI parsing entry points, such as the constructor and internal parser methods, are the most likely candidates for the vulnerable code. The denial-of-service nature of the issue suggests functions that perform expensive parsing operations when processing malicious inputs. Confidence is medium: there is no direct commit evidence, but the assessment is grounded in the package's purpose and the vulnerability type.