Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-757k-8968-xkbx
Vulnerability ID VCID-757k-8968-xkbx
Aliases CVE-2021-1721
GHSA-3gp9-h8hw-pxpw
Summary Denial of service in .NET core .NET Core and Visual Studio Denial of Service Vulnerability due to a vulnerability which exists when creating HTTPS web request during X509 certificate chain building.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-674 Uncontrolled Recursion
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1721.json
epss 0.09338 https://api.first.org/data/v1/epss?cve=CVE-2021-1721
epss 0.09338 https://api.first.org/data/v1/epss?cve=CVE-2021-1721
epss 0.09338 https://api.first.org/data/v1/epss?cve=CVE-2021-1721
epss 0.09338 https://api.first.org/data/v1/epss?cve=CVE-2021-1721
epss 0.09338 https://api.first.org/data/v1/epss?cve=CVE-2021-1721
epss 0.09338 https://api.first.org/data/v1/epss?cve=CVE-2021-1721
epss 0.09338 https://api.first.org/data/v1/epss?cve=CVE-2021-1721
epss 0.09338 https://api.first.org/data/v1/epss?cve=CVE-2021-1721
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-3gp9-h8hw-pxpw
cvssv3.1 6.5 https://github.com/dotnet/announcements/issues/175
generic_textual MODERATE https://github.com/dotnet/announcements/issues/175
cvssv3.1 6.5 https://github.com/dotnet/runtime/issues/48067
generic_textual MODERATE https://github.com/dotnet/runtime/issues/48067
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1721
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2021-1721
cvssv3.1 6.5 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721
generic_textual MODERATE https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721
archlinux High https://security.archlinux.org/AVG-1449
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1721.json
https://api.first.org/data/v1/epss?cve=CVE-2021-1721
https://github.com/dotnet/announcements/issues/175
https://github.com/dotnet/runtime/issues/48067
https://nvd.nist.gov/vuln/detail/CVE-2021-1721
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721
1926918 https://bugzilla.redhat.com/show_bug.cgi?id=1926918
ASA-202103-16 https://security.archlinux.org/ASA-202103-16
ASA-202103-17 https://security.archlinux.org/ASA-202103-17
AVG-1449 https://security.archlinux.org/AVG-1449
GHSA-3gp9-h8hw-pxpw https://github.com/advisories/GHSA-3gp9-h8hw-pxpw
RHSA-2021:0470 https://access.redhat.com/errata/RHSA-2021:0470
RHSA-2021:0471 https://access.redhat.com/errata/RHSA-2021:0471
RHSA-2021:0472 https://access.redhat.com/errata/RHSA-2021:0472
RHSA-2021:0473 https://access.redhat.com/errata/RHSA-2021:0473
RHSA-2021:0474 https://access.redhat.com/errata/RHSA-2021:0474
RHSA-2021:0476 https://access.redhat.com/errata/RHSA-2021:0476
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1721.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/dotnet/announcements/issues/175
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/dotnet/runtime/issues/48067
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-1721
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.92733
EPSS Score 0.09338
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:07:56.893418+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3gp9-h8hw-pxpw/GHSA-3gp9-h8hw-pxpw.json 38.0.0