CVE-2010-4254

EPSS 19.91%
Veröffentlicht 06.12.2010 13:44:54
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mono ≫ Mono

Novell ≫ Moonlight Version <= 2.3.0

Novell ≫ Moonlight Version2.99.0

Novell ≫ Moonlight Version2.99.1

Novell ≫ Moonlight Version2.99.2

Novell ≫ Moonlight Version2.99.7

Novell ≫ Moonlight Version2.99.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	19.91%	0.952

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html

http://secunia.com/advisories/42877

http://www.vupen.com/english/advisories/2011/0076

http://secunia.com/advisories/42373

Vendor Advisory

http://www.exploit-db.com/exploits/15974

http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability

http://www.securityfocus.com/bid/45051

https://bugzilla.novell.com/show_bug.cgi?id=654136

https://bugzilla.novell.com/show_bug.cgi?id=655847

https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399