Title: Discussion: Microsoft Security Advisory CVE-2018-0875: Hash Collision can cause Denial of Service · Issue #6401 · PowerShell/PowerShell · GitHub
Open Graph Title: Discussion: Microsoft Security Advisory CVE-2018-0875: Hash Collision can cause Denial of Service · Issue #6401 · PowerShell/PowerShell
X Title: Discussion: Microsoft Security Advisory CVE-2018-0875: Hash Collision can cause Denial of Service · Issue #6401 · PowerShell/PowerShell
Description: Microsoft Security Advisory CVE-2018-0875: Hash Collision can cause Denial of Service Executive Summary Microsoft is releasing this security advisory to provide information about a vulnerability in the open source versions of PowerShell ...
Open Graph Description: Microsoft Security Advisory CVE-2018-0875: Hash Collision can cause Denial of Service Executive Summary Microsoft is releasing this security advisory to provide information about a vulnerability in...
X Description: Microsoft Security Advisory CVE-2018-0875: Hash Collision can cause Denial of Service Executive Summary Microsoft is releasing this security advisory to provide information about a vulnerability in...
Mail addresses
secure@microsoft.com
Opengraph URL: https://github.com/PowerShell/PowerShell/issues/6401
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":" Discussion: Microsoft Security Advisory CVE-2018-0875: Hash Collision can cause Denial of Service","articleBody":"# Microsoft Security Advisory CVE-2018-0875: Hash Collision can cause Denial of Service\r\n\r\n## Executive Summary\r\n\r\nMicrosoft is releasing this security advisory to provide information about a vulnerability in the open source versions of PowerShell Core.\r\nThis advisory also provides guidance on what developers can do to update their scripts and module correctly.\r\n\r\nMicrosoft is aware of a security vulnerability in the public versions of .NET Core where a malicious file\r\nor web request could cause a denial of service (DoS) attack.\r\n\r\nSystem administrators are advised to update PowerShell Core to version 6.0.2.\r\nThis version will also address CVE-2018-0786.\r\n\r\n## Affected Software\r\n\r\nThe vulnerability affects PowerShell Core prior to version `6.0.2`\r\n\r\n## Advisory FAQ\r\n\r\n### How do I know if I am affected?\r\n\r\nIf all of the following are true:\r\n\r\n1. Run `pwsh -v` (if, you cannot launch PowerShell Core using `pwsh` you are affected).\r\n If the reported version starts with `6.0.1`, you are affected.\r\n\r\n### How do I update to an unaffected version?\r\n\r\nFollow the instructions at [Get PowerShell](https://github.com/PowerShell/PowerShell#get-powershell)\r\nto install the latest version of PowerShell Core.\r\n\r\n## Other Information\r\n\r\n### Reporting Security Issues\r\n\r\nIf you have found a potential security issue in PowerShell Core,\r\nplease email details to secure@microsoft.com.\r\n\r\n### Support\r\n\r\nYou can ask questions about this issue on GitHub in the PowerShell organization.\r\nThis is located at https://github.com/PowerShell/.\r\nThe Announcements repo (https://github.com/PowerShell/Announcements)\r\nwill contain this bulletin as an issue and will include a link to a discussion issue where you can ask questions.\r\n\r\n### What if the update breaks my script or module?\r\n\r\nYou can uninstall the newer version of PowerShell Core and install the previous version of PowerShell Core.\r\nThis should be treated as a temporary measure.\r\nTherefore, the script or module should be updated to work with the patched version of PowerShell Core.\r\n\r\n### Acknowledgments\r\n\r\n[Ben Adams](https://twitter.com/ben_a_adams) of [Illyriad Games](https://www.illyriad.co.uk/)\r\n\r\n### External Links\r\n\r\n[CVE-2018-0875](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0875)\r\n\r\n### Revisions\r\n\r\nV1.0 (Mar 15, 2018): Advisory published.\r\n\r\n*Version 1.0*\r\n*Last Updated 2018-03-15*","author":{"url":"https://github.com/TravisEz13","@type":"Person","name":"TravisEz13"},"datePublished":"2018-03-15T17:54:02.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":3},"url":"https://github.com/6401/PowerShell/issues/6401"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:df0617a5-fe83-33f9-373c-d545f421af4e |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | D920:6ED1:944C22:C9BF43:6A55B042 |
| html-safe-nonce | fc74d3c4c8e3003d0715b850f102fcd9e4cff199dc1ca2a2968271787fa8f9ea |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJEOTIwOjZFRDE6OTQ0QzIyOkM5QkY0Mzo2QTU1QjA0MiIsInZpc2l0b3JfaWQiOiIxODc5NTkxNjM1OTk1OTYzNDU4IiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0= |
| visitor-hmac | 4fac6f110896020e55a520eb8c1a21c9df927142c17443e6f8042595f699e811 |
| hovercard-subject-tag | issue:305658061 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/PowerShell/PowerShell/6401/issue_layout |
| twitter:image | https://opengraph.githubassets.com/59628bfbe857f7ce20c988543526bd653dddffac6311e4de5704b353c3c946b0/PowerShell/PowerShell/issues/6401 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/59628bfbe857f7ce20c988543526bd653dddffac6311e4de5704b353c3c946b0/PowerShell/PowerShell/issues/6401 |
| og:image:alt | Microsoft Security Advisory CVE-2018-0875: Hash Collision can cause Denial of Service Executive Summary Microsoft is releasing this security advisory to provide information about a vulnerability in... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | TravisEz13 |
| hostname | github.com |
| expected-hostname | github.com |
| None | b5665c84831ed9ac4fb79519c16c9c5580ba8092fb8bb6e3e72972ec7197348e |
| turbo-cache-control | no-preview |
| go-import | github.com/PowerShell/PowerShell git https://github.com/PowerShell/PowerShell.git |
| octolytics-dimension-user_id | 11524380 |
| octolytics-dimension-user_login | PowerShell |
| octolytics-dimension-repository_id | 49609581 |
| octolytics-dimension-repository_nwo | PowerShell/PowerShell |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 49609581 |
| octolytics-dimension-repository_network_root_nwo | PowerShell/PowerShell |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 653fccf1e27344851c0d3de3fa6faa526197f072 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width