CVE-2017-20190 : Some Microsoft technologies as used in Windows 8 through 11 allow a temporary cl

Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a "Zalgo text" attack. NOTE: third parties dispute whether the computational cost of interpreting Unicode data should be considered a vulnerability.

Published 2024-03-26 00:00:00

Updated 2024-08-12 13:38:08

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2017-20190

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2017-20190

EPSS FAQ

0.10%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 28 %

Percentile, the proportion of vulnerabilities that are scored at or less

CWE ids for CVE-2017-20190

CWE-176 Improper Handling of Unicode Encoding

The product does not properly handle when an input contains Unicode encoding.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2017-20190

https://en.wikipedia.org/wiki/Zalgo_text

Zalgo text - Wikipedia
https://aka.ms/windowsbugbar
https://talk.dynalist.io/t/dynalist-is-vulnerable-to-zalgo/1234

Dynalist is vulnerable to Zalgo - 🐛Bugs - Dynalist Forum

Jump to

Vulnerability Details : CVE-2017-20190

Products affected by CVE-2017-20190

Exploit prediction scoring system (EPSS) score for CVE-2017-20190

CWE ids for CVE-2017-20190

References for CVE-2017-20190