perfview icon indicating copy to clipboard operation
perfview copied to clipboard
verified publisher icon microsoft

CVE-2018-25032

Open drache42 opened this issue 3 years ago • 1 comments

https://nvd.nist.gov/vuln/detail/CVE-2018-25032

Microsoft.Diagnostics.Tracing.TraceEvent includes msdia140.dll as part of the nuget package. That dll has vulnerability CVE-2018-25032 as it includes zlib.

Can you please fix?

drache42 avatar Jul 06 '22 18:07 drache42

@drache42, thanks for pointing this out. Yes, we will work to fix this.

brianrob avatar Jul 07 '22 17:07 brianrob

Any updates or ETA on this? We're getting flagged on automated security scans for this vulnerability, and it would be good to resolve it.

mwfriedm avatar Sep 22 '22 15:09 mwfriedm

No ETA on this yet, but I have confirmed that the work is in-progress. Thanks for checking.

brianrob avatar Sep 22 '22 21:09 brianrob

Any updates or an ETA on this? @brianrob

SoftwareGuyRob avatar Aug 15 '23 16:08 SoftwareGuyRob

FYI, there is a fix available for this. I have it on my backlog to do the work to pull it in.

brianrob avatar Sep 14 '23 16:09 brianrob