A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core web application. The vulnerability can be exploited remotely, without authentication.
A remote unauthenticated attacker could exploit this vulnerability by providing a specially crafted certificate to the .NET Core application.
The update addresses the vulnerability by correcting how the .NET Core web application handles parsing certificate data.