Heads up! CVE-2018-0875

The MSRC published the following details about CVE-2018-0875 | .NET Core Denial of Service Vulnerability


The .Net Core vulnerability is documented on https://github.com/dotnet/announcements/issues/62. Fine, no problem with that.

But, the version 1.0 of the advisory for CVE-2018-0875 is wrong about PowerShell Core because it just lists 6.0.0 as affected.

It appears actually that both PowerShell Core 6.0.0 and 6.0.1 are affected by CVE-2018-0875.
The CVE-2018-0875 vulneralbility is a Hash Collision issue that can cause a Denial of Service.

If you’ve got PowerShell Core, you need to update to version 6.0.2 using this link

Why?

PowerShell Core is a self contained application that has coreclr embedded as well as other assemblies.
PowerShell Core has been updated to target the updated .NET Core runtime, recompiled and released on this page.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s