CVE-2011-0990

2011-04-1321:55:00

CWE-362

mitre

web.nvd.nist.gov

cve

2011

0990

race condition

fastcopy

array.copy

mono

buffer overflow

denial of service

security manager

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

Confidence

Low

EPSS

0.08

Percentile

94.3%

JSON

Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.

Affected configurations

Nvd

Node

monomono

novellmoonlightMatch2.0

novellmoonlightMatch2.3.0

novellmoonlightMatch2.4

novellmoonlightMatch2.31

novellmoonlightMatch3.0

novellmoonlightMatch3.99

VendorProductVersionCPE
monomono*cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*
novellmoonlight2.0cpe:2.3:a:novell:moonlight:2.0:*:*:*:*:*:*:*
novellmoonlight2.3.0cpe:2.3:a:novell:moonlight:2.3.0:*:*:*:*:*:*:*
novellmoonlight2.4cpe:2.3:a:novell:moonlight:2.4:*:*:*:*:*:*:*
novellmoonlight2.31cpe:2.3:a:novell:moonlight:2.31:*:*:*:*:*:*:*
novellmoonlight3.0cpe:2.3:a:novell:moonlight:3.0:*:*:*:*:*:*:*
novellmoonlight3.99cpe:2.3:a:novell:moonlight:3.99:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mono	mono	*	cpe:2.3:a:mono:mono::::::::
novell	moonlight	2.0	cpe:2.3:a:novell:moonlight:2.0:::::::*
novell	moonlight	2.3.0	cpe:2.3:a:novell:moonlight:2.3.0:::::::*
novell	moonlight	2.4	cpe:2.3:a:novell:moonlight:2.4:::::::*
novell	moonlight	2.31	cpe:2.3:a:novell:moonlight:2.31:::::::*
novell	moonlight	3.0	cpe:2.3:a:novell:moonlight:3.0:::::::*
novell	moonlight	3.99	cpe:2.3:a:novell:moonlight:3.99:::::::*