CVE-2017-20190

Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a "Zalgo text" attack. NOTE: third parties dispute whether the computational cost of interpreting Unicode data should be considered a vulnerability.

CVSS

No CVSS.

References

Link	Resource
https://aka.ms/windowsbugbar
https://en.wikipedia.org/wiki/Zalgo_text
https://talk.dynalist.io/t/dynalist-is-vulnerable-to-zalgo/1234
https://aka.ms/windowsbugbar
https://en.wikipedia.org/wiki/Zalgo_text
https://talk.dynalist.io/t/dynalist-is-vulnerable-to-zalgo/1234

Configurations

No configuration.

History

21 Nov 2024, 03:22

Type	Values Removed	Values Added
References	~~() https://aka.ms/windowsbugbar -~~	() https://aka.ms/windowsbugbar -
References	~~() https://en.wikipedia.org/wiki/Zalgo_text -~~	() https://en.wikipedia.org/wiki/Zalgo_text -
References	~~() https://talk.dynalist.io/t/dynalist-is-vulnerable-to-zalgo/1234 -~~	() https://talk.dynalist.io/t/dynalist-is-vulnerable-to-zalgo/1234 -

08 Aug 2024, 19:35

Type	Values Removed	Values Added
CWE		CWE-176

27 Mar 2024, 12:29

Type	Values Removed	Values Added
Summary		(es) Algunas tecnologías de Microsoft utilizadas en Windows 8 a 11 permiten una degradación temporal del rendimiento del lado del cliente durante el procesamiento de múltiples caracteres combinados Unicode, también conocido como ataque de "texto Zalgo". NOTA: los terceros cuestionan si el costo computacional de interpretar los datos Unicode debe considerarse una vulnerabilidad.

27 Mar 2024, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-27 00:15

Updated : 2024-11-21 03:22

NVD link : CVE-2017-20190

Mitre link : CVE-2017-20190

CVE.ORG link : CVE-2017-20190

JSON object : View

Products Affected

No product.

CWE

CWE-176

Improper Handling of Unicode Encoding

JSON object

Attach tags to CVE-2017-20190

Attach tags to `CVE-2017-20190`