.Net's sort is not secure and is vulnerable to an attacker who can use it to create a DOS attack - by Zimbry

Status : 

  Won't Fix<br /><br />
		Due to several factors the product team decided to focus its efforts on other items.<br /><br />
		A more detailed explanation for the resolution of this particular item may have been provided in the comments section.


7
0
Sign in
to vote
ID 716864 Comments
Status Closed Workarounds
Type Bug Repros 1
Opened 1/5/2012 1:41:57 PM
Access Restriction Public

Description

Details and a replacement sort function are here:

http://zimbry.blogspot.com/2012/01/nets-sort-is-not-secure-dont-use-it.html
Sign in to post a comment.
Posted by Microsoft on 1/6/2012 at 1:24 PM
Hi Zimbry!

Thanks for bringing up this interesting issue. We are always grateful when customers point towards potential concerns - this helps us ensuring the quality of the .NET Framework and driving the product into the right direction.

Indeed, you have discovered a genuine problem with the system. Unfortunately, we cannot fix this issue because it may affect the behaviour of existing programs.


However, given the work that would be involved in implementing this work, and triaging against our current set of deliverables, we do not think, we would be able to get to this in the near future.

Having said that, we value your suggestions, and would like to assure you that, we would keep these ideas in mind, when we do revisit this feature in the future.

Thanks again for providing feedback.

Vamshi.
(Software Engineer on the .NET Base Class Libraries team)

Posted by MS-Moderator10 [Feedback Moderator] on 1/5/2012 at 11:57 PM
Thanks for your feedback.

We are rerouting this issue to the appropriate group within the Visual Studio Product Team for triage and resolution. These specialized experts will follow-up with your issue.
Posted by MS-Moderator01 on 1/5/2012 at 2:43 PM
Thank you for your feedback, we are currently reviewing the issue you have submitted. If this issue is urgent, please contact support directly(http://support.microsoft.com)