Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-fp5s-gbub-8kfx
Vulnerability ID VCID-fp5s-gbub-8kfx
Aliases CVE-2019-0820
GHSA-cmhx-cq75-c4mj
Summary Uncontrolled Resource Consumption A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-400 Uncontrolled Resource Consumption
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1333 Inefficient Regular Expression Complexity
System Score Found at
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2019:1259
generic_textual HIGH https://access.redhat.com/errata/RHSA-2019:1259
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0820.json
epss 0.02652 https://api.first.org/data/v1/epss?cve=CVE-2019-0820
epss 0.02652 https://api.first.org/data/v1/epss?cve=CVE-2019-0820
epss 0.02652 https://api.first.org/data/v1/epss?cve=CVE-2019-0820
epss 0.02652 https://api.first.org/data/v1/epss?cve=CVE-2019-0820
epss 0.02652 https://api.first.org/data/v1/epss?cve=CVE-2019-0820
epss 0.02652 https://api.first.org/data/v1/epss?cve=CVE-2019-0820
epss 0.02652 https://api.first.org/data/v1/epss?cve=CVE-2019-0820
epss 0.02652 https://api.first.org/data/v1/epss?cve=CVE-2019-0820
epss 0.02652 https://api.first.org/data/v1/epss?cve=CVE-2019-0820
epss 0.02652 https://api.first.org/data/v1/epss?cve=CVE-2019-0820
epss 0.02652 https://api.first.org/data/v1/epss?cve=CVE-2019-0820
epss 0.02652 https://api.first.org/data/v1/epss?cve=CVE-2019-0820
epss 0.02652 https://api.first.org/data/v1/epss?cve=CVE-2019-0820
epss 0.02652 https://api.first.org/data/v1/epss?cve=CVE-2019-0820
epss 0.02652 https://api.first.org/data/v1/epss?cve=CVE-2019-0820
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-cmhx-cq75-c4mj
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-0820
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2019-0820
cvssv3.1 7.5 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820
generic_textual HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2019:1259
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0820.json
https://api.first.org/data/v1/epss?cve=CVE-2019-0820
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820
1705506 https://bugzilla.redhat.com/show_bug.cgi?id=1705506
CVE-2019-0820 https://nvd.nist.gov/vuln/detail/CVE-2019-0820
GHSA-cmhx-cq75-c4mj https://github.com/advisories/GHSA-cmhx-cq75-c4mj
RHSA-2019:1236 https://access.redhat.com/errata/RHSA-2019:1236
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2019:1259
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0820.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-0820
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.85687
EPSS Score 0.02652
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:48:38.539892+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/System.Text.RegularExpressions/CVE-2019-0820.yml 38.0.0