5.8

CVE-2011-0990

Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MonoMono
NovellMoonlight Version2.0
NovellMoonlight Version2.3.0
NovellMoonlight Version2.4
NovellMoonlight Version2.31
NovellMoonlight Version3.0
NovellMoonlight Version3.99
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.16% 0.799
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:N/I:P/A:P
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://www.mono-project.com/Vulnerabilities
http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html
http://openwall.com/lists/oss-security/2011/04/06/14
Patch
http://secunia.com/advisories/44002
Vendor Advisory
http://secunia.com/advisories/44076
Vendor Advisory
http://www.securityfocus.com/bid/47208
http://www.vupen.com/english/advisories/2011/0904
Vendor Advisory
https://bugzilla.novell.com/show_bug.cgi?id=667077
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66625
https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c
Patch