5.8

CVE-2011-0992

Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MonoMono
NovellMoonlight Version2.0
NovellMoonlight Version2.3.0
NovellMoonlight Version2.4
NovellMoonlight Version2.31
NovellMoonlight Version3.0
NovellMoonlight Version3.99
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.69% 0.839
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.mono-project.com/Vulnerabilities
Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html
http://openwall.com/lists/oss-security/2011/04/06/14
Patch
http://secunia.com/advisories/44002
Vendor Advisory
http://secunia.com/advisories/44076
Vendor Advisory
http://www.securityfocus.com/bid/47208
http://www.vupen.com/english/advisories/2011/0904
Vendor Advisory
https://bugzilla.novell.com/show_bug.cgi?id=667077
Patch
https://bugzilla.novell.com/show_bug.cgi?id=678515
https://bugzilla.redhat.com/show_bug.cgi?id=694933
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66627
https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91
Patch