CVE-2017-11770: Improper Certificate Validation

April 12, 2022

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka “.NET CORE Denial Of Service Vulnerability”.

References

www.securityfocus.com/bid/101710
www.securitytracker.com/id/1039787
access.redhat.com/errata/RHSA-2017:3248
github.com/advisories/GHSA-7mfr-774f-w5r9
nvd.nist.gov/vuln/detail/CVE-2017-11770
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770

Detect and mitigate CVE-2017-11770 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →