dotnet · CoreWCF.NetNamedPipeHeads-up
CoreWCF.NetNamedPipe vulnerability: local interception of NetNamedPipe traffic fixed in v1.8.1 and v1.9.1
CoreWCF NetNamedPipe transport had a vulnerability allowing local interception of NetNamedPipe traffic by attaching to a pre-existing named pipe instance.
What changed
CoreWCF NetNamedPipe transport had a vulnerability allowing local interception of NetNamedPipe traffic by attaching to a pre-existing named pipe instance. Fixed in v1.8.1 and v1.9.1.
Who it affects
Users of CoreWCF NetNamedPipe transport on versions prior to 1.8.1 and 1.9.1.
What to do today
Update CoreWCF to version 1.8.1 or 1.9.1 to patch the vulnerability.
The trail
Collected→
Audited→
Written→
Published