Linux Security

ArchLinux: 202103-23: dotnet-sdk-3.1: arbitrary code execution

Date 26 Mar 2021
Posted By LinuxSecurity Advisories
The package dotnet-sdk-3.1 before version 3.1.13.sdk113-1 is vulnerable to arbitrary code execution.
Arch Linux Security Advisory ASA-202103-23
==========================================

Severity: High
Date    : 2021-03-25
CVE-ID  : CVE-2021-26701
Package : dotnet-sdk-3.1
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1701

Summary
=======

The package dotnet-sdk-3.1 before version 3.1.13.sdk113-1 is vulnerable
to arbitrary code execution.

Resolution
==========

Upgrade to 3.1.13.sdk113-1.

# pacman -Syu "dotnet-sdk-3.1>=3.1.13.sdk113-1"

The problem has been fixed upstream in version 3.1.13.sdk113.

Workaround
==========

None.

Description
===========

A remote code execution vulnerability exists in .NET 5.0 before Runtime
5.0.4 and SDK 5.0.104 as well as .NET Core 3.1 before Runtime 3.1.13
and SDK 3.1.113 due to how text encoding is performed in the
System.Text.Encodings.Web package, caused by a buffer overrun.
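
To check a host against the runtime versions given above, the following added example (not part of the advisory) reads `dotnet --list-runtimes` output and reports Microsoft.NETCore.App runtimes below 3.1.13 or 5.0.4. The function names and the sample listing are constructed for illustration, and a `sort` that supports `-V` (GNU coreutils) is assumed.

```sh
#!/bin/sh
# Added example: flag Microsoft.NETCore.App runtimes older than the fixed
# runtime versions named in the advisory (3.1.13 and 5.0.4).
# Assumption: sort supports -V (version sort), as GNU coreutils does.

# Return 0 when version $1 sorts strictly before version $2.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Read `dotnet --list-runtimes` output on stdin, print one line per
# runtime below its fixed version, and return 1 if any was found.
audit_runtimes() {
    status=0
    while read -r name version rest; do
        # Only the base runtime is checked; other frameworks are skipped.
        [ "$name" = "Microsoft.NETCore.App" ] || continue
        case "$version" in
            3.1.*) fixed=3.1.13 ;;
            5.0.*) fixed=5.0.4 ;;
            *) continue ;;  # release lines the advisory does not mention
        esac
        if version_lt "$version" "$fixed"; then
            echo "VULNERABLE $name $version (fixed in $fixed) $rest"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample in the format printed by `dotnet --list-runtimes`.
sample_runtimes() {
    cat <<'EOF'
Microsoft.AspNetCore.App 3.1.12 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 3.1.9 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 3.1.13 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 5.0.3 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 5.0.4 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
EOF
}

# On a real host: dotnet --list-runtimes | audit_runtimes
sample_runtimes | audit_runtimes || echo "upgrade required"
```

Old runtime directories can remain on disk after the package upgrade, so a non-empty report after running the pacman command above points at leftover side-by-side installs.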

Impact
======

An attacker can execute arbitrary code by abusing the text encoding.

References
==========

https://msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26701
https://github.com/dotnet/announcements/issues/178
https://security.archlinux.org/CVE-2021-26701
