6.8

CVE-2011-0991

Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MonoMono
NovellMoonlight Version2.0
NovellMoonlight Version2.3.0
NovellMoonlight Version2.4
NovellMoonlight Version2.31
NovellMoonlight Version3.0
NovellMoonlight Version3.99
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.93% 0.853
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.mono-project.com/Vulnerabilities
Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html
http://openwall.com/lists/oss-security/2011/04/06/14
Patch
http://secunia.com/advisories/44002
Vendor Advisory
http://secunia.com/advisories/44076
Vendor Advisory
http://www.securityfocus.com/bid/47208
http://www.vupen.com/english/advisories/2011/0904
Vendor Advisory
https://bugzilla.novell.com/show_bug.cgi?id=667077
Patch
https://bugzilla.novell.com/show_bug.cgi?id=660422
https://exchange.xforce.ibmcloud.com/vulnerabilities/66626
https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a
Patch
https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c
Patch
https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0
Patch