CVE-2021-26423

Summary

.NET Core and Visual Studio Denial of Service Vulnerability

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)15.9.0 < 15.9.38affected
MicrosoftMicrosoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)16.0 < 16.4.25affected
MicrosoftMicrosoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)16.0.0 < 16.7.18affected
MicrosoftMicrosoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)15.0.0 < 16.9.10affected
MicrosoftMicrosoft Visual Studio 2019 version 16.10 (includes 16.0 - 16.9)16.10.0 < 16.10.5affected
MicrosoftVisual Studio 2019 for Mac version 8.108.1.0 < 8.10.7affected
Microsoft.NET Core 2.12.1 < 2.1.30affected
Microsoft.NET Core 3.13.1 < 3.1.18affected
Microsoft.NET 5.05.0.0 < 5.0.9affected
MicrosoftPowerShell Core 7.17.1.0 < 7.1.4affected
MicrosoftPowerShell Core 7.07.0.0 < 7.0.7affected

Weaknesses

  • Denial of Service

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References