HIGH 7.5

GHSA-7mfr-774f-w5r9

Improper Certificate Validation

상세

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

NuGet / System.Security.Cryptography.X509Certificates

최초 영향 버전: 4.0.0 수정 버전: 4.1.2

수정 dotnet add package System.Security.Cryptography.X509Certificates --version 4.1.2

NuGet / Microsoft.NETCore.App

최초 영향 버전: 1.0.0 수정 버전: 2.0.3

수정 dotnet add package Microsoft.NETCore.App --version 2.0.3

참고

https://nvd.nist.gov/vuln/detail/CVE-2017-11770 [ADVISORY]
https://access.redhat.com/errata/RHSA-2017:3248 [WEB]
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770 [WEB]
http://www.securityfocus.com/bid/101710 [WEB]
http://www.securitytracker.com/id/1039787 [WEB]