.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".

Affected Packages

NuGet System.Security.Cryptography.X509Certificates

Affected versions: 4.0.0 (fixed in 4.1.2)

NuGet Microsoft.NETCore.App

Affected versions: 1.0.0 (fixed in 2.0.3)

Related CVEs

CVE-2017-11770

Key Information

GHSA ID

GHSA-7mfr-774f-w5r9

Published

April 12, 2022 12:07 AM

Last Modified

April 12, 2022 12:07 AM

CVSS Score

7.5 /10

Primary Ecosystem

NuGet

Primary Package

System.Security.Cryptography.X509Certificates

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 31, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.