CVE-2021-26423: .NET Core and Visual Studio Denial of Service Vulnerability
CVSS Score: 7.5 (CVSS v3.1)
Basic Information
CVE ID: CVE-2021-26423
GHSA ID: -
EPSS Score: 0.84503%
CWE: -
Published: 10/25/2022
Updated: 1/30/2023
KEV Status: No
Technology: C#
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
Microsoft.NETCore.App.Runtime.win-x86 | nuget | >= 3.1.0, < 3.1.18 | 3.1.18 |
Microsoft.NETCore.App.Runtime.win-x86 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.win-x64 | nuget | >= 3.1.0, < 3.1.18 | 3.1.18 |
Microsoft.NETCore.App.Runtime.win-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.win-arm64 | nuget | >= 3.1.0, < 3.1.18 | 3.1.18 |
Microsoft.NETCore.App.Runtime.win-arm64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.win-arm | nuget | >= 3.1.0, < 3.1.18 | 3.1.18 |
Microsoft.NETCore.App.Runtime.win-arm | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.osx-x64 | nuget | >= 3.1.0, < 3.1.18 | 3.1.18 |
Microsoft.NETCore.App.Runtime.osx-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.Mono.osx-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.Mono.linux-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.Mono.linux-arm64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.Mono.linux-arm | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.linux-x64 | nuget | >= 3.1.0, < 3.1.18 | 3.1.18 |
Microsoft.NETCore.App.Runtime.linux-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.linux-musl-x64 | nuget | >= 3.1.0, < 3.1.18 | 3.1.18 |
Microsoft.NETCore.App.Runtime.linux-musl-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.linux-musl-arm64 | nuget | >= 3.1.0, < 3.1.18 | 3.1.18 |
Microsoft.NETCore.App.Runtime.linux-musl-arm64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.linux-musl-arm | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.rhel.6-x64 | nuget | >= 3.1.0, < 3.1.18 | 3.1.18 |
Microsoft.NETCore.App.Runtime.linux-arm64 | nuget | >= 3.1.0, < 3.1.18 | 3.1.18 |
Microsoft.NETCore.App.Runtime.linux-arm64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
Microsoft.NETCore.App.Runtime.linux-arm | nuget | >= 3.1.0, < 3.1.18 | 3.1.18 |
Microsoft.NETCore.App.Runtime.linux-arm | nuget | >= 5.0.0, < 5.0.9 | 5.0.9 |
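The table above lists the per-RID Microsoft.NETCore.App.Runtime.* NuGet packs; an installed shared framework reports the same version number through `dotnet --list-runtimes`. The following audit script is an added example written for this page (not advisory, NVD or Microsoft tooling). It assumes that version equivalence, parses the `dotnet --list-runtimes` line format (`<framework> <version> [<path>]`), and flags only Microsoft.NETCore.App entries that fall inside the two ranges from the table; the sample output embedded in it is constructed, not captured from a real host.

```python
"""Audit installed .NET shared runtimes against the CVE-2021-26423 ranges listed above.

Added example, not part of the advisory and not Microsoft tooling. Assumes that an
installed Microsoft.NETCore.App shared framework carries the same version number as the
Microsoft.NETCore.App.Runtime.* NuGet packs in the advisory table.
"""
import re
import subprocess
from typing import List, NamedTuple, Optional, Tuple

Version = Tuple[int, int, int]

# (lower bound inclusive, upper bound exclusive, first patched version) from the advisory table.
VULNERABLE_RANGES: List[Tuple[Version, Version, str]] = [
    ((3, 1, 0), (3, 1, 18), "3.1.18"),
    ((5, 0, 0), (5, 0, 9), "5.0.9"),
]

# One line of `dotnet --list-runtimes`: "<framework> <version>[-<prerelease>] [<path>]"
RUNTIME_LINE = re.compile(
    r"^(?P<name>[A-Za-z0-9.]+)\s+(?P<ver>\d+\.\d+\.\d+)(?P<pre>-[0-9A-Za-z.\-]+)?\s+\[(?P<path>.+)\]$"
)

# Constructed sample output (not captured from a real host), used when `dotnet` is absent.
SAMPLE_LIST_RUNTIMES = """\
Microsoft.AspNetCore.App 5.0.8 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 3.1.17 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 3.1.18 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 5.0.8 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 6.0.0-preview.7.21377.19 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
"""


class Runtime(NamedTuple):
    name: str
    version: Version
    prerelease: str  # "" for a release build
    path: str


def parse_list_runtimes(text: str) -> List[Runtime]:
    """Parse `dotnet --list-runtimes` output; lines that do not match are skipped."""
    runtimes = []
    for line in text.splitlines():
        m = RUNTIME_LINE.match(line.strip())
        if not m:
            continue
        version = tuple(int(part) for part in m["ver"].split("."))
        runtimes.append(Runtime(m["name"], version, m["pre"] or "", m["path"]))
    return runtimes


def first_patched(version: Version, prerelease: str = "") -> Optional[str]:
    """Return the first patched version if `version` is affected, else None.

    Prerelease builds are compared on their numeric part; a prerelease of the patched
    version itself (e.g. 5.0.9-preview.x) predates the fix and is still reported.
    """
    for lower, upper, patched in VULNERABLE_RANGES:
        if lower <= version < upper:
            return patched
        if prerelease and version == upper:
            return patched
    return None


def is_vulnerable(version: Version) -> bool:
    return first_patched(version) is not None


def audit(list_runtimes_output: str) -> List[Tuple[Runtime, str]]:
    """Return (runtime, first_patched) for every affected Microsoft.NETCore.App install.

    Only Microsoft.NETCore.App is checked because that is the only framework the
    advisory table covers; other frameworks are ignored rather than guessed at.
    """
    findings = []
    for rt in parse_list_runtimes(list_runtimes_output):
        if rt.name != "Microsoft.NETCore.App":
            continue
        patched = first_patched(rt.version, rt.prerelease)
        if patched is not None:
            findings.append((rt, patched))
    return findings


def main() -> None:
    try:
        text = subprocess.run(["dotnet", "--list-runtimes"], capture_output=True,
                              text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        text = SAMPLE_LIST_RUNTIMES  # fall back to the constructed sample
    for rt, patched in audit(text):
        ver = ".".join(map(str, rt.version)) + rt.prerelease
        print(f"VULNERABLE {rt.name} {ver} at {rt.path}: upgrade to {patched}")


if __name__ == "__main__":
    main()
```

Self-contained applications carry the runtime pack inside the publish output rather than using the shared framework, so for those the package version in the project's restore graph (or the `Microsoft.NETCore.App` version in the published `.deps.json`) is the value to compare, not `dotnet --list-runtimes`.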
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability centers on WebSocket frame processing that can be driven into an infinite loop, which is consistent with the CVSS vector above (availability impact only, no confidentiality or integrity impact). Analysis of .NET Core's WebSocket implementation shows:
- ReceiveAsyncPrivate (in System.Net.WebSockets.ManagedWebSocket) is the primary frame-processing method, handling header and payload parsing
- The vulnerability description matches scenarios where payload length validation fails
- Historical fixes for similar WebSocket denial-of-service issues in .NET Core target these methods
- Microsoft's security bulletin specifically mentions WebSocket endpoint handling as the attack vector

Exact patch diffs are not provided here, but the combination of the vulnerability's characteristics and .NET Core's architecture strongly implicates these core WebSocket processing functions.