CVE-2010-4159 — Mono vulnerability

7 documents6 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 71.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mono Debian Mono

Timeline

PublishedNov 17

Latest updateMay 17

Description

Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/mono< mono 2.6.7-4 (bookworm)

▶Debianmono/mono< 2.6.7-4+3

▶NVDmono/mono2.6.7+65

Patches

Patch: lists.ximian.com ↗Patch: github.com ↗Patch: lists.ximian.com ↗

🔴Vulnerability Details

GHSA

GHSA-7g38-2ph5-vm4v: Untrusted search path vulnerability in metadata/loader↗2022-05-17

▶

OSV

CVE-2010-4159: Untrusted search path vulnerability in metadata/loader↗2010-11-17

▶

📋Vendor Advisories

Ubuntu

Mono vulnerabilities↗2012-07-25

▶

Debian

CVE-2010-4159: mono - Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier...↗2010

▶

💬Community

Bugzilla

CVE-2010-4159 mono: untrusted search path vulnerability↗2010-11-17

▶

Bugzilla

CVE-2010-4159 mono: untrusted search path vulnerability [fedora-all]↗2010-11-17

▶