Microsoft CVE-2017-8585 (.NET Core 1.x) revised

Microsoft has re-released Security Advisory CVE-2017-8585  (.NET Denial of Service Vulnerability) on November 9, 2017, because .NET Core 1.0 and .NET Core 1.1 are also affected.


CVE-2017-8585 has been addressed in security updates in July 2017, but the documentation didn't addesses the vulnerability of .NET Core 1.0 and .NET Core 1.1. Now Microsoft has released an updates version of Security Advisory CVE-2017-8585:

– Title: CVE-2017-8585 | .NET Denial of Service Vulnerability
– Reasons for Revision: Revised the Affected Products table to include
   .NET Core 1.0 and .NET Core 1.1 because they are affected by
   CVE-2017-8585. Customers running these versions of .NET Core can
   find more information on GitHub at
   This is an informational change only.
– Originally posted: July 11, 2017 
– Updated: November 9, 2017
– CVE Severity Rating: Important
– Version: 2.0

Affected are only .NET Core 1. applications running under Windows 10 or Windows 2016.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *