Home

CVE-2017-0247

Description

A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
11.122

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Core 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Core 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Http 4.1.2Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Http 4.3.2Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Text.Encodings.Web 4.0.1Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Text.Encodings.Web 4.3.1Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Http.WinHttpHandler 4.0.1Windows
Vulnerabilities CVE-2017-0247 are fixed in Nuget - System.Net.Http.WinHttpHandler 4.5.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Security 4.0.1Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Security 4.3.1Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.WebSockets.Client 4.0.1Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.WebSockets.Client 4.3.1Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Abstractions 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Abstractions 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Formatters.Json 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Formatters.Json 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Formatters.Xml 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Formatters.Xml 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Cors 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Cors 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.ApiExplorer 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.ApiExplorer 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.DataAnnotations 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.DataAnnotations 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Localization 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Localization 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.TagHelpers 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.TagHelpers 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.ViewFeatures 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.ViewFeatures 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.WebApiCompatShim 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.WebApiCompatShim 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Razor 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Razor 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Razor.Host 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Razor.Host 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Core for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Core for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Http for Linux 4.1.2Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Http for Linux 4.3.2Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Text.Encodings.Web for Linux 4.0.1Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Text.Encodings.Web for Linux 4.3.1Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Http.WinHttpHandler for Linux 4.0.1Linux
Vulnerabilities CVE-2017-0247 are fixed in Nuget - System.Net.Http.WinHttpHandler for Linux 4.5.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Security for Linux 4.0.1Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Security for Linux 4.3.1Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.WebSockets.Client for Linux 4.0.1Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.WebSockets.Client for Linux 4.3.1Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Abstractions for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Abstractions for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Formatters.Json for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Formatters.Json for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Formatters.Xml for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Formatters.Xml for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Cors for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Cors for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.ApiExplorer for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.ApiExplorer for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.DataAnnotations for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.DataAnnotations for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Localization for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Localization for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.TagHelpers for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.TagHelpers for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.ViewFeatures for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.ViewFeatures for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.WebApiCompatShim for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.WebApiCompatShim for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Razor for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Razor for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Razor.Host for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Razor.Host for Linux 1.1.3Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234