6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-1721

CVE-2021-1721: Denial of service in .NET core

.NET Core and Visual Studio Denial of Service Vulnerability due to a vulnerability which exists when creating HTTPS web request during X509 certificate chain building.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2021-1721

CVE-2021-1721:

6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Is this CVE running in your environment?

Easily map the attack path and prioritize which CVEs are a threat to your organization

Validate Exposure

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
Microsoft.NETCore.App	nuget	>= 2.1.0, < 2.1.25	2.1.25
Microsoft.NETCore.App.Host.linux-arm	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Host.linux-arm64	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Host.linux-musl-arm64	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Host.linux-musl-x64	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Host.linux-x64	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Host.osx-x64	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Host.rhel.6-x64	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Host.win-arm	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Host.win-arm64	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Host.win-x64	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Host.win-x86	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Runtime.linux-arm	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Runtime.linux-arm64	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Runtime.linux-musl-arm64	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Runtime.linux-musl-x64	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Runtime.linux-x64	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Runtime.osx-x64	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Runtime.rhel.6-x64	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Runtime.win-arm	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Runtime.win-arm64	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Runtime.win-x64	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Runtime.win-x86	nuget	>= 3.1.0, < 3.1.12	3.1.12
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.Mono.linux-arm	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.Mono.linux-arm64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.Mono.linux-x64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.Mono.osx-x64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.android-arm	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.android-arm64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.android-x64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.android-x86	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.browser-wasm	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.ios-arm	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.ios-x64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.ios-x86	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.linux-arm	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.linux-arm64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.linux-musl-arm	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.linux-musl-arm64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.linux-musl-x64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.linux-x64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.osx-x64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.tvos-arm64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.tvos-x64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.win-arm	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.win-arm64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.win-x64	nuget	>= 5.0.0, < 5.0.3	5.0.3
Microsoft.NETCore.App.Runtime.win-x86	nuget	>= 5.0.0, < 5.0.3	5.0.3

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description explicitly mentions X509 certificate chain building during HTTPS requests as the attack vector. The X509Chain.Build method is the core component responsible for certificate chain validation in .NET. The advisory indicates fixes were applied across multiple runtime versions, suggesting a fundamental flaw in chain validation logic. While specific commit details aren't available, the technical context of certificate processing and the critical role of X509Chain.Build in chain validation make it the most likely vulnerable component with high confidence.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

Vulnerability Intelligence
Miggo AI

Unlock WAF rules for this CVE

Generate vendor-ready rules for the observed attack patterns, plus reasoning and safe deployment guidance

Get WAF rules

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.