CVE-2011-0990

13.04.2011, 21:55

Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.

Race Condition

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	5.8 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:P
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 77%

Vendor	Product	Version
mono	mono	*
novell	moonlight	2.0
novell	moonlight	2.3.0
novell	moonlight	2.4
novell	moonlight	2.31
novell	moonlight	3.0
novell	moonlight	3.99

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

mono

bullseye	6.8.0.105+dfsg-3.3~deb11u1 fixed
bookworm	6.8.0.105+dfsg-3.3 fixed
sid	6.12.0.199+dfsg-2 fixed
trixie	6.12.0.199+dfsg-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

mono

raring	not-affected
quantal	not-affected
precise	not-affected
oneiric	not-affected
natty	ignored
maverick	ignored
lucid	ignored
karmic	ignored
hardy	ignored
dapper	ignored