Zurück zur CVE-Übersicht
CVE-2026-54778
MEDIUM(6.2)CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Risk Signal Score26/100 — MITTEL
- CVSS 6.2 — Mittel
- Weniger als 24 Stunden alt
Beschreibung
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to another or crash the host process under contention. This issue is fixed in versions 1.8.1 and 1.9.1.
GitHub Advisories
GHSA-q6v9-43v5-jv9qMEDIUM
CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution
nuget/CoreWCF.UnixDomainSocket→ 1.8.1
GitHub AdvisoryReferenzen
- https://github.com/CoreWCF/CoreWCF/commit/a3d95ea4627b818995e92c7def4c016164cacf...
- https://github.com/CoreWCF/CoreWCF/commit/b0acb105589b455a095ea5ff49f5191e4eeff7...
- https://github.com/CoreWCF/CoreWCF/commit/b4867547c94bb088568935d581a55dda18a621...
- https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1
- https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1
- https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-q6v9-43v5-jv9q