CVE-2007-5197

EPSS 2.34%
Published 02.11.2007 16:46:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.

Affected products Warnungen 0 Metrics 2 CWE 1 References 23

Data is provided by the National Vulnerability Database (NVD)

Mono ≫ Mono Version <= 1.2.5.1

   Suse ≫ Suse Linux Openexchange Server Version4.0
   Debian ≫ Debian Linux Version4.0 Editionalpha
   Debian ≫ Debian Linux Version4.0 Editionamd64
   Debian ≫ Debian Linux Version4.0 Editionarm
   Debian ≫ Debian Linux Version4.0 Editionhppa
   Debian ≫ Debian Linux Version4.0 Editionia-32
   Debian ≫ Debian Linux Version4.0 Editionia-64
   Debian ≫ Debian Linux Version4.0 Editionm68k
   Debian ≫ Debian Linux Version4.0 Editionmips
   Debian ≫ Debian Linux Version4.0 Editionmipsel
   Debian ≫ Debian Linux Version4.0 Editionpowerpc
   Debian ≫ Debian Linux Version4.0 Editions390
   Debian ≫ Debian Linux Version4.0 Editionsparc
   Opensuse ≫ Opensuse Version10.2
   Opensuse ≫ Opensuse Version10.3
   Suse ≫ Suse Linux Version1.0
   Suse ≫ Suse Linux Version8 Editionenterprise_server
   Suse ≫ Suse Linux Version8.0 Editionretail_solution
   Suse ≫ Suse Linux Version9.0
   Suse ≫ Suse Linux Version9.0 Editionenterprise_server
   Suse ≫ Suse Linux Version10 Editionenterprise_desktop
   Suse ≫ Suse Linux Version10 Editionenterprise_server
   Suse ≫ Suse Linux Version10 Updatesp1 Editionenterprise_desktop
   Suse ≫ Suse Linux Version10.0 Editionpersonal
   Suse ≫ Suse Linux Version10.0 Editionppc
   Suse ≫ Suse Linux Version10.0 Editionprofessional
   Suse ≫ Suse Linux Version10.0 Editionx86
   Suse ≫ Suse Linux Version10.0 Editionx86_64
   Suse ≫ Suse Linux Version10.1 Editionpersonal
   Suse ≫ Suse Linux Version10.1 Editionppc
   Suse ≫ Suse Linux Version10.1 Editionprofessional
   Suse ≫ Suse Linux Version10.1 Editionx86
   Suse ≫ Suse Linux Version10.1 Editionx86_64
   Suse ≫ Suse Linux Version10.2 Editionpersonal
   Suse ≫ Suse Linux Version10.2 Editionprofessional
   Suse ≫ Suse United Linux Version1.0

Mono ≫ Mono Version1.0

Mono ≫ Mono Version1.0.5

Mono ≫ Mono Version1.1.4

Mono ≫ Mono Version1.1.8.3

Mono ≫ Mono Version1.1.13

Mono ≫ Mono Version1.1.13.4

Mono ≫ Mono Version1.1.13.6

Mono ≫ Mono Version1.1.13.7

Mono ≫ Mono Version1.1.17

Mono ≫ Mono Version1.1.17.1

Mono ≫ Mono Version1.1.18

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.34%	0.842

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/27439

http://www.novell.com/linux/security/advisories/2007_23_sr.html

http://bugs.gentoo.org/attachment.cgi?id=134361&action=view

http://bugs.gentoo.org/show_bug.cgi?id=197067

http://secunia.com/advisories/27493

http://secunia.com/advisories/27511

http://secunia.com/advisories/27583

http://secunia.com/advisories/27612

http://secunia.com/advisories/27639

http://secunia.com/advisories/27937

http://www.debian.org/security/2007/dsa-1397

http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml