CVE-2020-16937: .NET Framework Information Disclosure Vulnerability
Overview
- Severity
- Medium (CVSS 4.7)
- CVSS Vector
- CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
- Category
- Information Disclosure
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Publicly Disclosed
- Yes
- Patch Tuesday
- 2020-Oct
- Released
- 2020-10-13
- EPSS Score
- 8.69% (percentile: 92.5%)
Description
An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.
To exploit the vulnerability, an authenticated attacker would need to run a specially crafted application.
The update addresses the vulnerability by correcting how the .NET Framework handles objects in memory.
FAQ
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.
Affected Products (89)
Other
- 11529-10047
- 11529-10048
- 11529-10481
- 11529-10482
- 11529-10484
- 11529-10051
- 11529-10049
- 11529-10378
- 11529-10379
- 11529-10483
- 11529-10543
- 11650-11497
- 11650-11498
- 11650-11453
- 11650-11454
- 11650-10852
- 11650-10853
- 11650-10816
- 11650-10855
- 11650-10047
- 11650-10048
- 11650-10481
- 11650-10482
- 11650-10484
- 11650-10051
- 11650-10049
- 11650-10378
- 11650-10379
- 11650-10483
- 11650-10543
- 11676-11568
- 11676-11569
- 11676-11571
- 11676-11572
- 11676-11712
- 11676-11713
- 11676-11714
- 11676-11715
- 11676-11644
- 11676-11645
- 11676-11646
- 11676-11647
- 11676-11766
- 11676-11767
- 11676-11768
- 11676-11769
- 11677-11497
- 11677-11498
- 11677-11563
- 11677-11568
- ... and 39 more
Security Updates (19)
Revision History
- 2020-10-13: Information published.