GHSA-7mfr-774f-w5r9

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-7mfr-774f-w5r9/GHSA-7mfr-774f-w5r9.json

Aliases

CVE-2017-11770

Published

2022-04-12T00:07:34Z

Modified

2023-03-28T05:31:21.675190Z

Details

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".

References

Affected packages

NuGet / System.Security.Cryptography.X509Certificates

System.Security.Cryptography.X509Certificates

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.1.2

Affected versions

4.*

4.1.0

4.1.0-rc2-24027

4.1.1

NuGet / Microsoft.NETCore.App

Microsoft.NETCore.App

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

2.0.3

Affected versions

1.*

1.0.0

1.0.1

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.3

1.0.4

1.0.5

1.0.5-servicing-004880-00

1.0.7

1.0.8

1.0.9

1.1.0

1.1.0-preview1-001100-00

1.1.1

1.1.10

1.1.11

1.1.12

1.1.13

1.1.2

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

2.*

2.0.0

2.0.0-preview1-002111-00

2.0.0-preview2-25407-01