High severity7.5NVD Advisory· Published Nov 15, 2017· Updated Jun 17, 2026
CVE-2017-11770
CVE-2017-11770
Description
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
System.Security.Cryptography.X509CertificatesNuGet | >= 4.0.0, < 4.1.2 | 4.1.2 |
Microsoft.NETCore.AppNuGet | >= 1.0.0, < 2.0.3 | 2.0.3 |
Affected products
6cpe:2.3:a:microsoft:aspnetcore:1.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:aspnetcore:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:aspnetcore:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:aspnetcore:2.0:*:*:*:*:*:*:*
- ghsa-coords2 versions
>= 1.0.0, < 2.0.3+ 1 more
- (no CPE)range: >= 1.0.0, < 2.0.3
- (no CPE)range: >= 4.0.0, < 4.1.2
- Microsoft Corporation/.NET Corev5Range: .NET Core 1.0, .NET Core 1.1, and .NET Core 2.0
Patches
Vulnerability mechanics
References
6- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770nvdPatchVendor AdvisoryWEB
- www.securityfocus.com/bid/101710nvdThird Party AdvisoryVDB EntryWEB
- www.securitytracker.com/id/1039787nvdThird Party AdvisoryVDB EntryWEB
- access.redhat.com/errata/RHSA-2017:3248nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-7mfr-774f-w5r9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-11770ghsaADVISORY
News mentions
0No linked articles in our index yet.