7.5

CVE-2010-4254

Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MonoMono
NovellMoonlight Version <= 2.3.0
NovellMoonlight Version2.99.0
NovellMoonlight Version2.99.1
NovellMoonlight Version2.99.2
NovellMoonlight Version2.99.7
NovellMoonlight Version2.99.9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.65% 0.96
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
http://secunia.com/advisories/42877
http://www.vupen.com/english/advisories/2011/0076
http://secunia.com/advisories/42373
Vendor Advisory
http://www.exploit-db.com/exploits/15974
http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability
http://www.securityfocus.com/bid/45051
https://bugzilla.novell.com/show_bug.cgi?id=654136
https://bugzilla.novell.com/show_bug.cgi?id=655847
https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399
Patch
https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358
Patch
https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac
Patch