CVE-2017-0247

Name of the Vulnerable Software and Affected Versions ASP.NET Core Mvc versions prior to 1.0.4 ASP.NET Core Mvc versions 1.1.x prior to 1.1.3

Description A denial of service issue exists due to the failure of ASP.NET Core to properly validate web requests. This is reportedly caused by the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package, which fails to correctly calculate the length of 4-byte characters in the Unicode Non-Character range, allowing remote attackers to cause a denial of service.

Recommendations For ASP.NET Core Mvc versions prior to 1.0.4, update to version 1.0.4 or later. For ASP.NET Core Mvc versions 1.1.x prior to 1.1.3, update to version 1.1.3 or later.