GHSA-7mfr-774f-w5r9

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-7mfr-774f-w5r9/GHSA-7mfr-774f-w5r9.json
Aliases
  • CVE-2017-11770
Published
2022-04-12T00:07:34Z
Modified
2022-08-15T08:53:50.283616Z
Details

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".

References

Affected packages

NuGet / System.Security.Cryptography.X509Certificates

System.Security.Cryptography.X509Certificates

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.1.2

Affected versions

4.*

4.1.0
4.1.0-rc2-24027
4.1.1

NuGet / Microsoft.NETCore.App

Microsoft.NETCore.App

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
2.0.3

Affected versions

1.*

1.0.0
1.0.1
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.3
1.0.4
1.0.5
1.0.5-servicing-004880-00
1.0.7
1.0.8
1.0.9
1.1.0
1.1.0-preview1-001100-00
1.1.1
1.1.10
1.1.11
1.1.12
1.1.13
1.1.2
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9

2.*

2.0.0
2.0.0-preview1-002111-00
2.0.0-preview2-25407-01