dotnet · CoreWCF.NetFramingBaseCritical
CoreWCF.NetFramingBase: Unauthenticated Remote CPU Exhaustion via Thread Pin
An unauthenticated remote attacker can pin one server thread-pool worker at 100% CPU per connection, potentially exhausting CPU usage with multiple connections.
What changed
An unauthenticated remote attacker can pin one server thread-pool worker at 100% CPU per connection, potentially exhausting CPU usage with multiple connections.
Who it affects
Services exposing endpoints using NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding.
What to do today
Upgrade to CoreWCF v1.8.1 or v1.9.1 immediately.
The trail
Collected→
Audited→
Written→
Published