VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-axvm-3dh9-3kf6

Essentials
Severities (24)
References (6)
Severity details (11)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-axvm-3dh9-3kf6
Aliases	CVE-2017-0247 GHSA-6xh7-4v2w-36q6
Summary	Improper Input Validation A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-20	Improper Input Validation
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-707	Improper Neutralization

System	Score	Found at
epss	0.11122	https://api.first.org/data/v1/epss?cve=CVE-2017-0247
epss	0.11122	https://api.first.org/data/v1/epss?cve=CVE-2017-0247
epss	0.11122	https://api.first.org/data/v1/epss?cve=CVE-2017-0247
epss	0.11122	https://api.first.org/data/v1/epss?cve=CVE-2017-0247
epss	0.11122	https://api.first.org/data/v1/epss?cve=CVE-2017-0247
epss	0.11122	https://api.first.org/data/v1/epss?cve=CVE-2017-0247
epss	0.11122	https://api.first.org/data/v1/epss?cve=CVE-2017-0247
epss	0.11122	https://api.first.org/data/v1/epss?cve=CVE-2017-0247
epss	0.11122	https://api.first.org/data/v1/epss?cve=CVE-2017-0247
epss	0.11122	https://api.first.org/data/v1/epss?cve=CVE-2017-0247
epss	0.11122	https://api.first.org/data/v1/epss?cve=CVE-2017-0247
epss	0.11122	https://api.first.org/data/v1/epss?cve=CVE-2017-0247
epss	0.11122	https://api.first.org/data/v1/epss?cve=CVE-2017-0247
cvssv3.1	7.5	https://github.com/advisories/GHSA-6xh7-4v2w-36q6
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-6xh7-4v2w-36q6
generic_textual	HIGH	https://github.com/advisories/GHSA-6xh7-4v2w-36q6
cvssv3.1	7.5	https://github.com/aspnet/Announcements/issues/239
generic_textual	HIGH	https://github.com/aspnet/Announcements/issues/239
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2017-0247
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2017-0247
cvssv3.1	7.5	https://technet.microsoft.com/en-us/library/security/4021279.aspx
generic_textual	HIGH	https://technet.microsoft.com/en-us/library/security/4021279.aspx
cvssv3.1	7.5	https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS
generic_textual	HIGH	https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2017-0247
		https://github.com/aspnet/Announcements/issues/239
		https://technet.microsoft.com/en-us/library/security/4021279.aspx
		https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS
CVE-2017-0247		https://nvd.nist.gov/vuln/detail/CVE-2017-0247
GHSA-6xh7-4v2w-36q6		https://github.com/advisories/GHSA-6xh7-4v2w-36q6

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/advisories/GHSA-6xh7-4v2w-36q6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/aspnet/Announcements/issues/239

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-0247

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://technet.microsoft.com/en-us/library/security/4021279.aspx

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.93431
EPSS Score	0.11122
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:47:14.238508+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNet.Mvc/CVE-2017-0247.yml	38.0.0